Datacast Sfx2100_firmware
20 CVEs affecting Datacast Sfx2100_firmware. Latest disclosed: 2026-03-05. Critical: 6, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-29128 | Critical | 10.0 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are own… |
CVE-2026-29119 | Critical | 9.8 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account… |
CVE-2026-28778 | Critical | 9.8 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user acc… |
CVE-2026-28777 | Critical | 9.8 | 2026-03-04 | International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can… |
CVE-2026-28776 | Critical | 9.8 | 2026-03-04 | International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthent… |
CVE-2026-28775 | Critical | 9.8 | 2026-03-04 | An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex Sat… |
CVE-2026-28774 | High | 8.8 | 2026-03-04 | An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex… |
CVE-2026-28773 | High | 8.8 | 2026-03-04 | The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Manageme… |
CVE-2026-28770 | High | 8.8 | 2026-03-04 | Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Sate… |
CVE-2026-29127 | High | 7.8 | 2026-03-05 | The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permis… |
CVE-2026-29126 | High | 7.8 | 2026-03-05 | Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a loc… |
CVE-2026-29124 | High | 7.8 | 2026-03-05 | Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/I… |
CVE-2026-29123 | High | 7.8 | 2026-03-05 | A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local… |
CVE-2026-29121 | High | 7.8 | 2026-03-05 | International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elev… |
CVE-2026-29120 | High | 7.8 | 2026-03-04 | The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insec… |
CVE-2026-28769 | Medium | 6.5 | 2026-03-04 | A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite… |
CVE-2026-28772 | Medium | 6.1 | 2026-03-04 | A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex… |
CVE-2026-28771 | Medium | 6.1 | 2026-03-04 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Sate… |
CVE-2026-29122 | Medium | 5.5 | 2026-03-05 | International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants ele… |
CVE-2026-29125 | Medium | 4.7 | 2026-03-05 | IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect networ… |