Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
IDC SFX Series SuperFlex SatelliteReceiver: Unauthenticated Remote Code Execution
CVE-2026-28775
Summary
The SNMP service in IDC SFX Series SuperFlex SatelliteReceiver allows an attacker to run malicious commands on the device without a password. This could allow them to make changes to the device or take control of it. Update the device to the latest version of the SNMP service to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| datacast | sfx2100_firmware | All versions | – |
Original title
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecur...
Original description
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
nvd CVSS4.0
10.0
Vulnerability type
CWE-1188
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026