VYPR
Vendor

International Datacasting Corporation

Products
3
CVEs
20
Across products
23
Status
Private

Products

3

Recent CVEs

20
  • CVE-2026-29128Mar 5, 2026
    risk 0.00cvss epss 0.00

    IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain…

  • CVE-2026-29127Mar 5, 2026
    risk 0.00cvss epss 0.00

    The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege…

  • CVE-2026-29126Mar 5, 2026
    risk 0.00cvss epss 0.00

    Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and…

  • CVE-2026-29125Mar 5, 2026
    risk 0.00cvss epss 0.00

    IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service.

  • CVE-2026-29124Mar 5, 2026
    risk 0.00cvss epss 0.00

    Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local…

  • CVE-2026-29123Mar 5, 2026
    risk 0.00cvss epss 0.00

    A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via…

  • CVE-2026-29122Mar 5, 2026
    risk 0.00cvss epss 0.00

    International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to…

  • CVE-2026-29121Mar 5, 2026
    risk 0.00cvss epss 0.00

    International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to…

  • CVE-2026-29120Mar 4, 2026
    risk 0.00cvss epss 0.00

    The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline…

  • CVE-2026-29119Mar 4, 2026
    risk 0.00cvss epss 0.00

    International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via…

  • CVE-2026-28778Mar 4, 2026
    risk 0.00cvss epss 0.01

    International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write…

  • CVE-2026-28777Mar 4, 2026
    risk 0.00cvss epss 0.00

    International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker…

  • CVE-2026-28776Mar 4, 2026
    risk 0.00cvss epss 0.00

    International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped…

  • CVE-2026-28775Mar 4, 2026
    risk 0.00cvss epss 0.01

    An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by…

  • CVE-2026-28774Mar 4, 2026
    risk 0.00cvss epss 0.02

    An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell…

  • CVE-2026-28773Mar 4, 2026
    risk 0.00cvss epss 0.02

    The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the `IPaddr`…

  • CVE-2026-28772Mar 4, 2026
    risk 0.00cvss epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or…

  • CVE-2026-28771Mar 4, 2026
    risk 0.00cvss epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input…

  • CVE-2026-28770Mar 4, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user…

  • CVE-2026-28769Mar 4, 2026
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse…