International Datacasting Corporation SFX Series SuperFlex Satellite Receiver SNMP Service Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receivers. This vulnerability arises because the deployment insecurely provisions the 'private' SNMP community string with read/write access by default. The SNMP agent operates with root privileges, allowing an unauthenticated remote attacker to execute arbitrary operating system commands as root. This exploitation takes advantage of 'NET-SNMP-EXTEND-MIB' directives and the presence of a vulnerable net-snmp version prior to 5.8.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution with root privileges on the affected system.

Added: Mar 4, 2026, 8:19 AM

Updated: Mar 4, 2026, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.0

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.0

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

International Datacasting Corporation SFX Series SuperFlex Satellite Receiver SNMP Service Unauthenticated Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating