CVE-2026-28775

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver versions prior to 5.8

Description An unauthenticated Remote Code Execution (RCE) issue exists in the SNMP service. The system insecurely configures the private SNMP community string with read/write access by default. Because the SNMP agent operates with root privileges, a remote attacker without authentication can leverage NET-SNMP-EXTEND-MIB directives to execute arbitrary operating system commands with root privileges. This is possible due to the system running a version of net-snmp prior to 5.8.

Recommendations Update the net-snmp library to version 5.8 or later. Change the default SNMP community string from private to a strong, unique value. Restrict access to the SNMP service to authorized networks and hosts. Disable the NET-SNMP-EXTEND-MIB if it is not required.