Vulnerability Details CVE-2026-28776
International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell, the attacker can trivially break out to achieve standard shell functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.2%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-28776
-
cpe:2.3:h:datacast:sfx2100:-
-
cpe:2.3:o:datacast:sfx2100_firmware:-