CVE-2026-28775
Unauthenticated RCE in IDC SFX Series SNMP Service
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: Gridware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacast | sfx2100_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated Remote Code Execution (RCE) issue in the SNMP service of the International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The device insecurely sets the SNMP community string named 'private' with read/write access by default. Since the SNMP agent runs with root privileges and uses a vulnerable version of net-snmp (pre 5.8), an attacker can exploit NET-SNMP-EXTEND-MIB directives to execute arbitrary operating system commands remotely without authentication.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated remote attacker to execute arbitrary commands on the affected device with root privileges. This can lead to full system compromise, unauthorized access to sensitive data, disruption of services, and potentially using the compromised device as a foothold for further attacks within a network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know