{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28778", "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "state": "PUBLISHED", "assignerShortName": "Gridware", "dateReserved": "2026-03-03T09:59:08.426Z", "datePublished": "2026-03-04T07:49:10.824Z", "dateUpdated": "2026-03-05T05:58:40.991Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IDC SFX2100 SuperFlex Satellite Receiver", "vendor": "International Datacasting Corporation (IDC)", "versions": [{"status": "affected", "version": "SFX2100"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Abdul Mhanni"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user.\n\n<br>"}], "value": "International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Unauthorized file system access And Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.9, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "shortName": "Gridware", "dateUpdated": "2026-03-05T05:58:40.991Z"}, "references": [{"url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/"}], "source": {"discovery": "UNKNOWN"}, "title": "Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T15:07:14.004466Z", "id": "CVE-2026-28778", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:13:21.053Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T15:07:14.004466Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:07:20.526Z"}}], "cna": {"title": "Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Abdul Mhanni"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Unauthorized file system access And Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "International Datacasting Corporation (IDC)", "product": "IDC SFX2100 SuperFlex Satellite Receiver", "versions": [{"status": "affected", "version": "SFX2100"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.abdulmhsblog.com/posts/spfx-vulnrabilities/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user.", "supportingMedia": [{"type": "text/html", "value": "International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "shortName": "Gridware", "dateUpdated": "2026-03-04T08:31:36.155Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28778", "state": "PUBLISHED", "dateUpdated": "2026-03-04T15:13:21.053Z", "dateReserved": "2026-03-03T09:59:08.426Z", "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "datePublished": "2026-03-04T07:49:10.824Z", "assignerShortName": "Gridware"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C57B6A9-CAF9-4C8A-85FC-562E16F291FE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A3BC5C9-39D5-4908-B470-A46E9ECFD6AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user."}, {"lang": "es", "value": "El receptor de sat\u00e9lite SuperFlex de la serie SFX de International Datacasting Corporation (IDC) contiene credenciales no documentadas, codificadas/inseguras para la cuenta de usuario 'xd'. Un atacante remoto no autenticado puede iniciar sesi\u00f3n a trav\u00e9s de FTP utilizando estas credenciales. Debido a que el usuario 'xd' tiene permisos de escritura en su directorio de inicio, donde se almacenan binarios ejecutados por root y enlaces simb\u00f3licos (como los invocados por 'xdstartstop'), el atacante puede sobrescribir estos archivos o manipular enlaces simb\u00f3licos para lograr la ejecuci\u00f3n de c\u00f3digo arbitrario como usuario root."}], "id": "CVE-2026-28778", "lastModified": "2026-03-17T17:02:28.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary"}]}, "published": "2026-03-04T08:16:14.253", "references": [{"source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/"}], "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SFX2100"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "IDC SFX2100 SuperFlex Satellite Receiver", "source": "cna", "vendor": "International Datacasting Corporation (IDC)"}, "product": "idc_sfx2100_superflex_satellite_receiver", "vendor": "international_datacasting_corporation_(idc)"}], "analysis": {"en": {"generated_at": "2026-04-16T13:42:34.543657+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest firmware update or patch that removes the hard\u2011coded credentials and corrects the file permissions for the xd account", "Disable or restrict the FTP service and change or remove the default xd credentials so that non\u2011administrative users can no longer authenticate", "Reconfigure the filesystem permissions on the xd home directory to prevent write access to binaries executed as root"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution and Root Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the International Datacasting Corporation SFX2100 SuperFlex Satellite Receiver. Specific product model is the SFX2100; no version information is supplied to indicate the extent of the affected firmware revisions.", "description_and_impact": "International Datacasting Corporation\u2019s SFX2100 SuperFlex Satellite Receiver ships with undocumented, hard\u2011coded credentials for a local xd account. An attacker can log in to the receiver\u2019s FTP service without any prior authentication, and because the xd user has write permission to its home directory, the attacker may overwrite binaries or manipulate symbolic links that are executed with root privileges. This gives the attacker the ability to run arbitrary code as root, compromising the entire device.", "risk_and_exploitability": "The CVSS score of 7.9 places the issue in the high\u2011severity range, while the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is a remote unauthenticated FTP session, whereby the attacker can replace root\u2011executed binaries or alter symlinks to achieve privilege escalation to root."}}}}, "created": "2026-03-04T21:03:56.873853+00:00", "updated": "2026-04-16T13:45:21.953787+00:00", "vendors": ["international_datacasting_corporation_(idc)", "international_datacasting_corporation_(idc)$PRODUCT$idc_sfx2100_superflex_satellite_receiver"]}