Cyber Posture

CVE-2026-28775

Critical · Public PoC

Published: 04 March 2026

Modified: 09 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0090 (75.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can use `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp prior to 5.8, to execute arbitrary operating system commands with root privileges.

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly remediates the vulnerable net-snmp version prior to 5.8 that enables RCE via NET-SNMP-EXTEND-MIB directives.

prevent: Enforces secure configuration settings to change or remove the default read/write 'private' SNMP community string, preventing unauthenticated access.

prevent: Requires the SNMP agent to run with least privilege instead of root, limiting the impact of command execution even if exploited.
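The three controls above can be checked together on a host running net-snmp. The following is an added example, not code from this page or from the vendor: the function names, finding codes and sample configuration are constructed for illustration, and the net-snmp version and the agent's user are assumed to be supplied by the caller.

```python
import re

# Constructed sample of a weakly provisioned snmpd.conf (not taken from a device).
SAMPLE_CONF = """\
# sample snmpd.conf
rocommunity public 127.0.0.1
rwcommunity private
rwcommunity6 ops-rw fd00::/64
"""

def parse_version(text):
    """Return (major, minor) from a net-snmp version string such as '5.7.3'."""
    m = re.match(r"(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def audit_snmpd(conf_text, netsnmp_version, agent_user):
    """Return (finding_code, line_number_or_None) tuples for the three controls."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if not tokens or tokens[0].lower() not in ("rwcommunity", "rwcommunity6"):
            continue
        community = tokens[1] if len(tokens) > 1 else ""
        # With no SOURCE field, net-snmp accepts the community from any address.
        source = tokens[2] if len(tokens) > 2 else "default"
        if community == "private":
            findings.append(("RW_DEFAULT_COMMUNITY", lineno))
        if source == "default":
            findings.append(("RW_ANY_SOURCE", lineno))
    # Tuple comparison keeps 5.10 ordered after 5.8.
    if parse_version(netsnmp_version) < (5, 8):
        findings.append(("NETSNMP_PRE_5_8", None))
    if agent_user == "root":
        findings.append(("AGENT_RUNS_AS_ROOT", None))
    return findings

if __name__ == "__main__":
    for code, line in audit_snmpd(SAMPLE_CONF, "5.7.3", "root"):
        print(code, f"(line {line})" if line else "")
```

An empty result means none of the three conditions described on this page was found in the supplied inputs; it does not cover write access granted through other directives.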

Security Summary AI

CVE-2026-28775 is an unauthenticated remote code execution (RCE) vulnerability in the SNMP service of the International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The issue stems from the device insecurely provisioning the "private" SNMP community string with read/write access by default. The SNMP agent runs as root and relies on a vulnerable version of net-snmp prior to 5.8, enabling exploitation through NET-SNMP-EXTEND-MIB directives. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1188.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By leveraging the default read/write SNMP community string, the attacker can issue directives via the NET-SNMP-EXTEND-MIB to execute arbitrary operating system commands with root privileges on the affected device.

The vulnerability is detailed in a blog post at https://www.abdulmhsblog.com/posts/sfx2100-vulns/, which covers the SFX2100 vulnerabilities and likely includes mitigation guidance, though specific patch details are not enumerated in the available descriptions.

Details

CWE(s)

Affected Products

datacast · sfx2100 firmware · all versions

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Unauthenticated RCE via SNMP service exploitation using default RW community string and NET-SNMP-EXTEND-MIB maps to T1190 (Exploit Public-Facing Application). Enables arbitrary OS command execution as root, mapping to T1059.004 (Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References