Vulnerability Details CVE-2026-28777
International Datacasting Corporation (IDC)
SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a complete pty to gain an appropriately interactive shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-28777
-
cpe:2.3:h:datacast:sfx2100:-
-
cpe:2.3:o:datacast:sfx2100_firmware:-