How serious is CVE-2026-28775?

This vulnerability has a CVSS score of 10 out of 10, classified as CRITICAL severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-28775?

CVE-2026-28775 affects datacast sfx2100 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2026-28775?

To remediate CVE-2026-28775, check for security patches from datacast. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-28775

Critical

|10.0

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

An attacker can remotely take complete control of the SFX Series SuperFlex Satellite Receiver because it allows unauthorized access to its SNMP service, which is set up insecurely with a default password that gives full access. This vulnerability requires no authentication, meaning anyone can exploit it to run any command on the device as if they were the system's administrator.

Technical Description

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$15,000($5K-$15K)

Vendor Response

Grade APatched in 5 days

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 9, 2026

29 days ago

Vendor

datacast

Product

sfx2100 firmware

Related Vulnerabilities

CVE-2026-28774Critical

This vulnerability allows an attacker with valid login credentials to run any command on the system with full administrative rights by manipulating a specific setting in the web-based Traceroute tool. If exploited, this could enable the attacker to take complete control of the device and potentially compromise the entire network.

CVE-2026-28773Critical

This vulnerability allows an attacker who is already logged into the web management interface of the SFX Series satellite receiver to run any command on the device with full root access. By cleverly using certain characters in the input, they can bypass security checks and execute malicious commands, potentially taking complete control of the system.

CVE-2026-28772Medium

This vulnerability allows an attacker to run malicious scripts in a user's web browser by sending a specially crafted request to the device's web management interface. It requires the attacker to trick a user into clicking a link that includes the malicious code, which then gets executed without proper checks.

CVE-2026-28771Medium

An attacker can inject malicious code into a webpage that users access through the SFX Series SuperFlex Satellite Receiver, which could allow them to run harmful scripts in the victims' browsers. This happens because the device doesn't properly check the input from users before displaying it, and it requires the victim to click on a specially crafted link to trigger the attack.

CVE-2026-28770Medium

This vulnerability allows an authenticated attacker to inject malicious XML code into the web management interface of a satellite receiver, potentially leading to reflected cross-site scripting (XSS) attacks. The attacker can exploit this flaw by manipulating the `file` parameter in a specific script, which could also open the door for further attacks like XML External Entity (XXE) attacks.