Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 5, 2026

Unauthenticated RCE via SNMP Default Writable Community String

CVE-2026-28775

Description

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize NET-SNMP-EXTEND-MIB directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.

Affected products

Net Snmp/Net SNMPllm-fuzzy
Range: <5.8
International Datacasting Corporation/SFX Series SuperFlex Satellite Receiverllm-fuzzy
International Datacasting Corporation (IDC)/SFX2100 Series SuperFlex SatelliteReceiverv5
Range: SFX2100

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.abdulmhsblog.com/posts/sfx2100-vulns/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000