International Datacasting SuperFlex Satellite Receiver Hardcoded Credential Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver due to undocumented, hardcoded credentials for the 'xd' user account. This flaw allows remote, unauthenticated attackers to log in via FTP and gain write access to the user's home directory. The 'xd' user has permissions to modify files and symlinks related to root-executed binaries, such as those controlled by 'xdstartstop'. Exploiting this vulnerability could lead to arbitrary code execution with root privileges.
Impact
Successful exploitation allows for arbitrary code execution as the root user.
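The weakness described above comes down to a path that root executes being changeable by a less-privileged account. The following audit check is an added example, not code from this advisory or from the vendor: it walks the symlink chain of a root-executed path and reports every hop, and its containing directory, that an untrusted account owns or can write to. The function name and parameters are hypothetical, and it is run on a Linux host against paths you supply, since the advisory does not list the device's file locations.

```python
import os
import stat

def audit_root_exec_path(path, trusted_uids=frozenset({0}), max_hops=16):
    """Return [(path, reason)] for each hop an untrusted account could tamper with.

    Assumption of this example: only uids in trusted_uids (root by default)
    may own or write anything on the chain that root ends up executing.
    """
    findings, hops, checked = [], set(), set()
    current = os.path.abspath(path)
    for _ in range(max_hops):
        if current in hops:
            findings.append((current, "symlink loop"))
            break
        hops.add(current)
        # Check the containing directory first, then the entry itself.
        for target in (os.path.dirname(current), current):
            if target in checked:
                continue
            checked.add(target)
            try:
                st = os.lstat(target)  # lstat: inspect the link, not its target
            except FileNotFoundError:
                findings.append((target, "missing (dangling link)"))
                continue
            if st.st_uid not in trusted_uids:
                findings.append((target, f"owned by uid {st.st_uid}"))
            is_link = stat.S_ISLNK(st.st_mode)  # link mode bits are meaningless
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if st.st_mode & 0o022 and not is_link and not sticky:
                findings.append((target, "group/other writable"))
        if not os.path.islink(current):
            break
        # Follow one hop; relative targets resolve against the link's directory.
        link_target = os.readlink(current)
        current = os.path.normpath(
            os.path.join(os.path.dirname(current), link_target))
    return findings
```

An empty result means no hop on the chain is owned by or writable for an untrusted account. Ancestor directories above each hop's immediate parent are not checked here.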
