31 matches found
CVE-2026-28776
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28775
An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...
CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the presence of binary...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has security vulnerabilities; these vulnerabilities stem from the...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from overly permissive file...
EUVD-2026-9369
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...
EUVD-2026-9367
A Reflected Cross-Site Scripting XSS vulnerability in the /IDCLogging/index.cgi endpoint of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...
EUVD-2026-9364
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28775
An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...
CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...
CVE-2026-28776
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-29119
International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...
CVE-2026-28776
Summary of the vulnerability (CVE-2026-28776) : IDC SFX2100/SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the logical monitor user. A remote, unauthenticated attacker can use these trivial, undocumented credentials to access the device via SSH, initially in a restricte...
CVE-2026-28776
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-28775
CVE-2026-28775 concerns an unauthenticated RCE in the SNMP service of IDC SFX Series SuperFlex SatelliteReceiver. The device insecurely provisions a default writable SNMP community string (private), and the SNMP agent runs with root privileges. An unauthenticated attacker could exploit NET-SNMP-E...
CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...
CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...
CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...