CVE-2026-28778
Hardcoded Credentials in IDC SFX Enable Root Remote Code Execution
Publication date: 2026-03-04
Last updated on: 2026-03-17
Assigner: Gridware
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacast | sfx2100_firmware | * |
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver, which contains undocumented, hardcoded, and insecure credentials for the 'xd' user account.
A remote unauthenticated attacker can use these credentials to log in via FTP.
Since the 'xd' user has write permissions to their home directory where root-executed binaries and symbolic links (such as those used by 'xdstartstop') are stored, the attacker can overwrite these files or manipulate the symlinks.
This allows the attacker to achieve arbitrary code execution with root privileges.
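The condition described above, root-run files kept in a directory a non-root account can write to, can be audited on a device or an unpacked firmware image. The following is an added example, not code from the advisory or the vendor. The function names, file names and the `trusted_uid` parameter are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits beyond the owner

def untrusted_write(st, trusted_uid):
    """True if an account other than trusted_uid can write to this inode."""
    return st.st_uid != trusted_uid or bool(st.st_mode & LOOSE)

def audit_dir(directory, trusted_uid=0):
    """Map entry name -> reason a non-trusted account can replace it."""
    findings = {}
    # Write access to the directory is enough to rename, delete or re-point
    # every entry in it, whatever the entries' own permissions are.
    dir_open = untrusted_write(os.stat(directory), trusted_uid)
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if dir_open:
            findings[entry.name] = "parent directory writable"
        elif entry.is_symlink():
            try:
                target = os.stat(entry.path)  # follows the link
            except FileNotFoundError:
                findings[entry.name] = "dangling symlink"
                continue
            if untrusted_write(target, trusted_uid):
                findings[entry.name] = "symlink target writable"
        elif untrusted_write(entry.stat(follow_symlinks=False), trusted_uid):
            findings[entry.name] = "entry writable"
    return findings

def build_sample(mode):
    """Constructed tree: a home directory holding two binaries and a symlink."""
    home = tempfile.mkdtemp()
    for name, bits in (("startstop.bin", 0o755), ("helper.bin", 0o777)):
        path = os.path.join(home, name)
        open(path, "w").close()
        os.chmod(path, bits)
    os.symlink(os.path.join(home, "helper.bin"), os.path.join(home, "link"))
    os.chmod(home, mode)
    return home

if __name__ == "__main__":
    me = os.getuid()  # stand-in for root so the demo runs unprivileged
    for mode in (0o755, 0o777):
        print(oct(mode), audit_dir(build_sample(mode), trusted_uid=me))
```

With the default `trusted_uid=0`, a directory owned by a service account is reported as writable and every entry in it is flagged, which is the situation the description attributes to the 'xd' home directory.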
How can this vulnerability impact me?
This vulnerability can have severe impacts because it allows a remote unauthenticated attacker to gain root-level control over the affected device.
With root privileges, the attacker can execute arbitrary code, potentially leading to full system compromise, unauthorized access to sensitive data, disruption of services, or use of the device as a foothold for further attacks within a network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know