CVE-2026-28775
Unauthenticated RCE via SNMP Default Writable Community String
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
| CWE | CWE-1188 |
| Vendor | international datacasting corporation (idc) |
| Product | sfx2100 series superflex satellitereceiver |
| Published | Mar 4, 2026 |
| Last Updated | Mar 5, 2026 |
Get instant alerts for international datacasting corporation (idc) sfx2100 series superflex satellitereceiver
Be the first to know when new unknown vulnerabilities affecting international datacasting corporation (idc) sfx2100 series superflex satellitereceiver are published โ delivered to Slack, Telegram or Discord.