VYPR

Sfx2100 Satellite Receiver

by International Datacasting Corporation

CVEs (12)

  • CVE-2026-29128Mar 5, 2026
    risk 0.00cvss epss 0.00

    IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain…

  • CVE-2026-29127Mar 5, 2026
    risk 0.00cvss epss 0.00

    The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege…

  • CVE-2026-29126Mar 5, 2026
    risk 0.00cvss epss 0.00

    Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and…

  • CVE-2026-29125Mar 5, 2026
    risk 0.00cvss epss 0.00

    IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service.

  • CVE-2026-29124Mar 5, 2026
    risk 0.00cvss epss 0.00

    Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local…

  • CVE-2026-29123Mar 5, 2026
    risk 0.00cvss epss 0.00

    A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via…

  • CVE-2026-29122Mar 5, 2026
    risk 0.00cvss epss 0.00

    International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to…

  • CVE-2026-29121Mar 5, 2026
    risk 0.00cvss epss 0.00

    International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to…

  • CVE-2026-29120Mar 4, 2026
    risk 0.00cvss epss 0.00

    The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline…

  • CVE-2026-28778Mar 4, 2026
    risk 0.00cvss epss 0.01

    International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write…

  • CVE-2026-28777Mar 4, 2026
    risk 0.00cvss epss 0.00

    International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker…

  • CVE-2026-28776Mar 4, 2026
    risk 0.00cvss epss 0.00

    International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped…