CVE-2026-28775
Published: 04 March 2026
Summary
CVE-2026-28775 is a critical-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 23.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the vulnerable net-snmp version prior to 5.8 that enables RCE via NET-SNMP-EXTEND-MIB directives.
Enforces secure configuration settings to change or remove the default read/write 'private' SNMP community string, preventing unauthenticated access.
Requires the SNMP agent to run with least privilege instead of root, limiting the impact of command execution even if exploited.
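The two configuration-level controls above can be checked statically. The following audit is an added example, not code from the advisory or the vendor; it assumes the device's agent reads standard net-snmp `snmpd.conf` directives (`rwcommunity`, `com2sec`, `agentuser`), and the sample files, account name, community string and address are constructed.

```python
# Added example: static audit of a net-snmp snmpd.conf (not vendor code).
DEFAULT_COMMUNITIES = {"private", "public"}   # "private" is the string the advisory names
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}

def audit_snmpd_conf(text):
    """Return [(line_no, finding)] for one snmpd.conf body; line 0 = whole file."""
    findings, agentuser = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in ("rwcommunity", "rwcommunity6") and args:
            # rwcommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            source = args[1] if len(args) > 1 else "default"
            if args[0] in DEFAULT_COMMUNITIES:
                findings.append((no, f"read/write community is the well-known string '{args[0]}'"))
            if source in ANY_SOURCE:
                findings.append((no, "read/write community accepted from any source address"))
        elif directive in ("com2sec", "com2sec6") and args and args[-1] in DEFAULT_COMMUNITIES:
            # com2sec only names the community; write access depends on access/view lines
            findings.append((no, f"well-known community '{args[-1]}' mapped by com2sec; review its access rules"))
        elif directive == "agentuser" and args:
            agentuser = args[0]
    # Without agentuser (or snmpd -u) the agent keeps the UID it was started with
    if agentuser in (None, "root", "#0"):
        findings.append((0, "agent does not drop root: set agentuser to an unprivileged account"))
    return findings

# Constructed samples: the insecure default described above, then a corrected file.
WEAK = """\
# constructed sample
rwcommunity private
rocommunity public
"""
HARDENED = """\
# constructed sample; 'snmp' account, community and address are placeholders
agentuser snmp
rocommunity example-ro-string 192.0.2.10
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_snmpd_conf(conf) or "no findings")
```

The audit covers configuration only; it does not verify that the installed net-snmp version is 5.8 or later.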
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated RCE via SNMP service exploitation using default RW community string and NET-SNMP-EXTEND-MIB maps to T1190 (Exploit Public-Facing Application). Enables arbitrary OS command execution as root, mapping to T1059.004 (Unix Shell).
NVD Description
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
Deeper analysis
CVE-2026-28775 is an unauthenticated remote code execution (RCE) vulnerability in the SNMP service of the International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The issue stems from the device insecurely provisioning the "private" SNMP community string with read/write access by default. The SNMP agent runs as root and relies on a vulnerable version of net-snmp prior to 5.8, enabling exploitation through NET-SNMP-EXTEND-MIB directives. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1188.
An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By leveraging the default read/write SNMP community string, the attacker can issue directives via the NET-SNMP-EXTEND-MIB to execute arbitrary operating system commands with root privileges on the affected device.
The vulnerability is detailed in a blog post at https://www.abdulmhsblog.com/posts/sfx2100-vulns/, which covers the SFX2100 vulnerabilities and likely includes mitigation guidance; specific patch details are not enumerated in the available descriptions.
Details
- CWE(s)