CVE-2026-28777
Weak SSH Password in IDC SFX2100 Enables Remote Unauthorized Access
Publication date: 2026-03-04
Last updated on: 2026-03-17
Assigner: Gridware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacast | sfx2100_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the International Datacasting Corporation (IDC) SFX2100 Satellite Receiver. It involves a trivial password set for the 'user' (usr) account, which allows a remote unauthenticated attacker to gain unauthorized SSH access to the system.
Although the attacker is initially dropped into a restricted shell, they can easily spawn a complete pseudo-terminal (pty) to obtain a fully interactive shell, thereby gaining greater control over the system.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker to remotely access the system without authentication.
Once access is gained, the attacker can escalate from a restricted shell to a fully interactive shell, potentially allowing them to execute arbitrary commands, manipulate system settings, or disrupt normal operations.
Given the high CVSS score of 9.2, this vulnerability poses a critical security risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know