Datacast

Sfx2100 Firmware

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-28778

Exploit
  • EPSS 0.41%
  • Veröffentlicht 04.03.2026 07:49:10
  • Zuletzt bearbeitet 17.03.2026 17:02:28

International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because...

9.8

CVE-2026-28777

Exploit
  • EPSS 0.31%
  • Veröffentlicht 04.03.2026 07:41:29
  • Zuletzt bearbeitet 17.03.2026 17:05:35

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a r...

9.8

CVE-2026-28776

Exploit
  • EPSS 0.31%
  • Veröffentlicht 04.03.2026 07:34:30
  • Zuletzt bearbeitet 17.03.2026 16:51:46

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SS...

9.8

CVE-2026-28775

Exploit
  • EPSS 0.67%
  • Veröffentlicht 04.03.2026 07:24:50
  • Zuletzt bearbeitet 09.03.2026 18:24:21

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string wi...

8.8

CVE-2026-28774

Exploit
  • EPSS 0.19%
  • Veröffentlicht 04.03.2026 07:22:57
  • Zuletzt bearbeitet 09.03.2026 18:24:06

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inje...

8.8

CVE-2026-28773

Exploit
  • EPSS 0.65%
  • Veröffentlicht 04.03.2026 07:16:58
  • Zuletzt bearbeitet 09.03.2026 18:23:56

The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely ...

8.8

CVE-2026-28770

Exploit
  • EPSS 0.06%
  • Veröffentlicht 04.03.2026 07:16:14
  • Zuletzt bearbeitet 09.03.2026 18:23:14

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The applicati...

6.5

CVE-2026-28769

Exploit
  • EPSS 0.35%
  • Veröffentlicht 04.03.2026 07:16:13
  • Zuletzt bearbeitet 09.03.2026 18:20:19

A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `f...

6.1

CVE-2026-28772

Exploit
  • EPSS 0.04%
  • Veröffentlicht 04.03.2026 07:12:53
  • Zuletzt bearbeitet 09.03.2026 18:23:37

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute...

6.1

CVE-2026-28771

Exploit
  • EPSS 0.04%
  • Veröffentlicht 04.03.2026 07:11:36
  • Zuletzt bearbeitet 09.03.2026 18:23:27

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sa...