CVE-2026-28775

216.73.217.22

· Published 04/03/2026 08:16 · Modified 05/03/2026 06:16

Labels: CVE-2026-28775 2026-03-04 CVE-2026-28775 CWE-1188 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published: 04/03/2026 08:16
Modified: 05/03/2026 06:16
Author: —
Creator: —
CVSS: 10.0 CRITICAL (v3) 10.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD: View on NVD

Affected products (CPE)

Product	CPE
international datacasting / superflex sattelitereceiver	`cpe:2.3:a:international_datacasting:superflex_sattelitereceiver::::::::`
net-snmp / net-snmp	`cpe:2.3:a:net-snmp:net-snmp:<5.8:::::::*`