Description
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
Published: 2026-03-04
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises because the SNMP agent on the SFX2100 Series SuperFlex SatelliteReceiver is configured with a writable community string named "private" by default. The SNMP daemon runs as root and uses a net‑snmp version prior to 5.8 that accepts NET‑SNMP‑EXTEND‑MIB commands. An attacker who can reach the SNMP port can send an extend command that causes the daemon to execute arbitrary operating system commands with root privileges, giving the attacker full control of the device. The impact is a complete compromise of confidentiality, integrity, and availability.

Affected Systems

International Datacasting Corporation’s SFX2100 Series SuperFlex SatelliteReceiver (both hardware and firmware) is affected. No specific firmware revisions are listed, so all current releases that run the default SNMP configuration are at risk.

Risk and Exploitability

The CVSS score of 10 indicates maximum severity. The EPSS exploit probability is reported as less than one percent, suggesting the vulnerable configuration is uncommon or not widely exploited yet, but the absence of this CVE from the KEV catalog does not diminish the risk for a network that can reach the device. The likely attack vector is remote SNMP over the network; no authentication or complex prerequisites are required beyond network connectivity to the SNMP service. If exploitation occurs, the attacker would gain root privileges and could execute any command, set up persistence, or tamper with satellite reception functions.

Generated by OpenCVE AI on April 17, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest firmware patch or upgrade the net‑snmp component to version 5.8 or newer, which removes the NET‑SNMP‑EXTEND‑MIB execution flaw.
  • Reconfigure the SNMP service to replace the default writable "private" community string with a strong, read‑only community or secure authentication mechanism.
  • Disable the NET‑SNMP‑EXTEND‑MIB extension entirely or restrict it to trusted hosts only.

Generated by OpenCVE AI on April 17, 2026 at 13:14 UTC.
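
A configuration check for the conditions named in the recommended actions, as an added example (not from OpenCVE, the vendor, or the CVE record). It audits net-snmp `snmpd.conf` text for a default write community, unrestricted write sources, write scope that overlaps the extend subtree, and an agent that does not drop privileges. The sample configs, the finding labels, the `snmp` account name and the numeric-OID-only scope check are assumptions.

```python
EXTEND_OID = ".1.3.6.1.4.1.8072.1.3.2"   # nsExtendObjects (NET-SNMP-EXTEND-MIB)
DEFAULT_COMMUNITIES = {"private", "public"}
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}

def reaches_extend(args):
    """True if an rwcommunity line's OID scope overlaps the extend subtree."""
    if len(args) < 3:
        return True                       # no OID given: whole tree is writable
    if args[2] == "-V":
        return True                       # named view: reachable until reviewed
    scope, target = "." + args[2].strip(".") + ".", EXTEND_OID + "."
    return target.startswith(scope) or scope.startswith(target)

def audit_snmpd_conf(text):
    """Return [(line_no, finding)] for the settings the advisory calls out."""
    findings, unprivileged = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in ("rwcommunity", "rwcommunity6") and args:
            if args[0] in DEFAULT_COMMUNITIES:
                findings.append((no, "default-write-community"))
            if len(args) < 2 or args[1] in OPEN_SOURCES:
                findings.append((no, "write-from-any-source"))
            if reaches_extend(args):
                findings.append((no, "write-reaches-extend-mib"))
        elif directive == "agentuser" and args:
            unprivileged = args[0] not in ("root", "0", "#0")
    if not unprivileged:
        # No agentuser: snmpd keeps the UID it was started with. Line 0 = whole file.
        findings.append((0, "agent-keeps-start-uid"))
    return findings

# Constructed samples (not taken from the device).
AS_DESCRIBED = "# default state per the advisory\nrwcommunity private\n"
HARDENED = ("agentuser snmp\n"          # assumed unprivileged account name
            "rocommunity ro-constructed 192.0.2.10 .1.3.6.1.2.1.1\n")

if __name__ == "__main__":
    for name, conf in (("as described", AS_DESCRIBED), ("hardened", HARDENED)):
        print(name, audit_snmpd_conf(conf))
```
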

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*
cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*
Vendors & Products Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 05 Mar 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 05 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared International Datacasting Corporation (idc)
International Datacasting Corporation (idc) sfx2100 Series Superflex Satellitereceiver
Vendors & Products International Datacasting Corporation (idc)
International Datacasting Corporation (idc) sfx2100 Series Superflex Satellitereceiver

Wed, 04 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Title
  Removed: Unauthenticated SNMP RCE via Default Writable Community String
  Added: Unauthenticated RCE via SNMP Default Writable Community String

Wed, 04 Mar 2026 07:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
Title Unauthenticated SNMP RCE via Default Writable Community String
Weaknesses CWE-1188
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Gridware

Published:

Updated: 2026-03-05T05:59:25.113Z

Reserved: 2026-03-03T09:59:08.426Z

Link: CVE-2026-28775

Vulnrichment

Updated: 2026-03-04T15:41:00.796Z

NVD

Status: Analyzed

Published: 2026-03-04T08:16:13.803

Modified: 2026-03-09T18:24:21.757

Link: CVE-2026-28775

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z