CVE-2026-29119 — CVSS 9.8 (critical): International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for…
CVE-2026-28775 — CVSS 9.8 (critical): An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX…
CVE-2026-28776 — CVSS 9.8 (critical): International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor`…
CVE-2026-28777 — CVSS 9.8 (critical): International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote…
CVE-2026-28778 — CVSS 9.8 (critical): International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials…
CVE-2026-28774 — CVSS 8.8 (high): An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC)…
CVE-2026-28770 — CVSS 8.8 (high): Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX…
CVE-2026-28773 — CVSS 8.8 (high): The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite…
CVE-2026-29120 — CVSS 7.8 (high): The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex…
CVE-2026-29121 — CVSS 7.8 (high): International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This…
CVE-2026-29126 — CVSS 7.8 (high): Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite…
CVE-2026-29127 — CVSS 7.8 (high): The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is…
CVE-2026-29123 — CVSS 7.8 (high): A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to…
CVE-2026-29124 — CVSS 7.8 (high): Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack…
CVE-2026-28769 — CVSS 6.5 (medium): A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series…
CVE-2026-28772 — CVSS 6.1 (medium): A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC)…
CVE-2026-28771 — CVSS 6.1 (medium): A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX…
CVE-2026-29122 — CVSS 5.5 (medium): International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This…
CVE-2026-29125 — CVSS 4.7 (medium): IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that…