Datacast Vulnerabilities
Comprehensive security vulnerability database for Datacast products
7
3
1
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-28775 | 10.0 | An attacker can remotely take complete control of the SFX Series SuperFlex Satellite Receiver because it allows unauthorized access to its SNMP service, which is set up insecurely with a default password that gives full access. This vulnerability requires no authentication, meaning anyone can exploit it to run any command on the device as if they were the system's administrator. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
| CVE-2026-28774 | 9.3 | This vulnerability allows an attacker with valid login credentials to run any command on the system with full administrative rights by manipulating a specific setting in the web-based Traceroute tool. If exploited, this could enable the attacker to take complete control of the device and potentially compromise the entire network. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
| CVE-2026-28773 | 9.3 | This vulnerability allows an attacker who is already logged into the web management interface of the SFX Series satellite receiver to run any command on the device with full root access. By cleverly using certain characters in the input, they can bypass security checks and execute malicious commands, potentially taking complete control of the system. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
| CVE-2026-28772 | 5.1 | This vulnerability allows an attacker to run malicious scripts in a user's web browser by sending a specially crafted request to the device's web management interface. It requires the attacker to trick a user into clicking a link that includes the malicious code, which then gets executed without proper checks. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
| CVE-2026-28771 | 5.1 | An attacker can inject malicious code into a webpage that users access through the SFX Series SuperFlex Satellite Receiver, which could allow them to run harmful scripts in the victims' browsers. This happens because the device doesn't properly check the input from users before displaying it, and it requires the victim to click on a specially crafted link to trigger the attack. | datacastsfx2100 firmware | Exploit Available | about 1 month agoMar 4, 2026 |
| CVE-2026-28770 | 5.3 | This vulnerability allows an authenticated attacker to inject malicious XML code into the web management interface of a satellite receiver, potentially leading to reflected cross-site scripting (XSS) attacks. The attacker can exploit this flaw by manipulating the `file` parameter in a specific script, which could also open the door for further attacks like XML External Entity (XXE) attacks. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
| CVE-2026-28769 | 5.3 | An attacker with valid login credentials can exploit a flaw in the web management portal of the SFX Series satellite receiver to access and list files on the device's filesystem by manipulating a specific parameter. This could lead to sensitive information exposure if the attacker knows how to navigate the directory structure. | datacastsfx2100 firmware | Theoretical | about 1 month agoMar 4, 2026 |
About Datacast Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Datacast products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.