CVE-2026-28775: CWE-1188: Insecure Default Initialization of Resource in International Datacasting Corporation (IDC) SFX2100 Series SuperFlex SatelliteReceiver
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
AI Analysis
Technical Summary
CVE-2026-28775 is a critical vulnerability in the SNMP service of the International Datacasting Corporation (IDC) SFX2100 Series SuperFlex SatelliteReceiver. The root cause is an insecure default (CWE-1188): the device ships with the well-known 'private' community string provisioned with read/write access, and because SNMPv1/v2c authenticate with nothing more than the community string, anyone who can reach UDP/161 and knows that string has full write access to the agent. The agent is net-snmp older than 5.8 and runs as root. NET-SNMP-EXTEND-MIB is not a memory-corruption or injection bug in the usual sense; it is a documented net-snmp feature in which each row of nsExtendConfigTable names a command and its arguments, and the agent runs that command and returns its output when the corresponding nsExtendOutput objects are read. In the pre-5.8 builds these receivers run, that table can be created and populated over the network by any manager holding a write-capable community, so a remote, unauthenticated attacker with the default string can add a row whose command is arbitrary shell, then trigger it with a single read and obtain root on the device. The result is full compromise: altering device behavior, exfiltrating data, or disrupting service. All SFX2100 Series devices running the vulnerable net-snmp version with the default community in place are affected. The CVSS 4.0 vector indicates network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No patches or mitigations had been released by IDC at the time of publication, and no exploitation had been observed in the wild, but the technique is well known and needs only the standard net-snmp command-line tools, which makes the exposure severe for any receiver whose SNMP port is reachable from an untrusted network.
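The write-then-read sequence described above has a distinctive shape on the wire, and that shape is what a sensor in front of the receiver can key on. The following Python is an added example, not code from this page, from IDC, or from the net-snmp project: a stdlib-only BER decoder for SNMPv1/v2c datagrams plus a classifier that flags any SetRequest sent with a default community and any SetRequest touching the nsExtendObjects subtree (1.3.6.1.4.1.8072.1.3.2, from NET-SNMP-EXTEND-MIB). The two sample packets are constructed inline; the row token "x", the request id and the command string in them are assumptions chosen for illustration.

```python
from typing import List, Tuple

# NET-SNMP-EXTEND-MIB::nsExtendObjects. A SET under this subtree creates or edits
# a command that snmpd runs when the matching nsExtendOutput object is read.
NS_EXTEND_OBJECTS = "1.3.6.1.4.1.8072.1.3.2"
DEFAULT_COMMUNITIES = {"public", "private"}   # never acceptable on a SetRequest

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, SET_REQUEST = 0xA0, 0xA3
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}


# --- minimal BER encoder, used only to build the constructed sample packets ---
def tlv(tag: int, payload: bytes) -> bytes:
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long-form length
    return bytes([tag, 0x80 | len(body)]) + body + payload

def enc_int(v: int) -> bytes:
    return tlv(INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def enc_str(s: str) -> bytes:
    return tlv(OCTET_STRING, s.encode())

def enc_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:                      # base-128 arcs, high bit = "more follows"
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def build_v2c(community: str, pdu_tag: int, request_id: int,
              varbinds: List[Tuple[str, bytes]]) -> bytes:
    """SNMPv2c message = SEQUENCE { version(1), community, PDU }."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + v) for o, v in varbinds)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, enc_int(1) + enc_str(community) + pdu)


# --- decoder: just enough BER to walk an SNMPv1/v2c datagram ---
def read_tlv(buf: bytes, off: int) -> Tuple[int, bytes, int]:
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def dec_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_v1v2c(packet: bytes) -> dict:
    tag, msg, _ = read_tlv(packet, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, off = read_tlv(msg, 0)
    _, community, off = read_tlv(msg, off)
    pdu_tag, pdu, _ = read_tlv(msg, off)
    _, req_id, off = read_tlv(pdu, 0)
    _, _, off = read_tlv(pdu, off)            # error-status
    _, _, off = read_tlv(pdu, off)            # error-index
    _, vbl, _ = read_tlv(pdu, off)
    varbinds, off = [], 0
    while off < len(vbl):                     # each VarBind is SEQUENCE { OID, value }
        _, vb, off = read_tlv(vbl, off)
        _, oid, o2 = read_tlv(vb, 0)
        vtag, vval, _ = read_tlv(vb, o2)
        varbinds.append((dec_oid(oid), vtag, vval))
    return {"version": ver[-1], "community": community.decode(errors="replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big", signed=True),
            "varbinds": varbinds}

def classify(packet: bytes) -> List[str]:
    """Finding labels for one datagram; an empty list means nothing to flag."""
    msg = parse_v1v2c(packet)
    findings = []
    if msg["pdu"] == "SetRequest":
        if msg["community"] in DEFAULT_COMMUNITIES:
            findings.append("set-with-default-community")
        if any(o == NS_EXTEND_OBJECTS or o.startswith(NS_EXTEND_OBJECTS + ".")
               for o, _, _ in msg["varbinds"]):
            findings.append("nsExtend-write")
    return findings


# Constructed samples (values assumed for illustration). First: the row-creating
# SET sent to the default 'private' community; token "x" indexes the row as .1.120.
ATTACK_SET = build_v2c("private", SET_REQUEST, 0x1234, [
    (NS_EXTEND_OBJECTS + ".2.1.21.1.120", enc_int(4)),          # nsExtendStatus = createAndGo
    (NS_EXTEND_OBJECTS + ".2.1.2.1.120", enc_str("/bin/sh")),   # nsExtendCommand
])
# Second: a routine read of sysDescr.0 with a read-only community.
BENIGN_GET = build_v2c("public", GET_REQUEST, 1, [("1.3.6.1.2.1.1.1.0", tlv(NULL, b""))])

if __name__ == "__main__":
    for name, pkt in (("attack", ATTACK_SET), ("benign", BENIGN_GET)):
        print(name, parse_v1v2c(pkt)["pdu"], classify(pkt))
```

In practice `classify` would be fed the UDP payload of every datagram to port 161 captured at the receiver's uplink; `set-with-default-community` is a policy violation on its own, and `nsExtend-write` is the specific precursor to the command execution described above, so either should page someone. SNMPv3 messages use a different outer structure and are rejected by `parse_v1v2c`, which is the right default for a sensor whose only job is to catch the community-string path.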
Potential Impact
The impact of CVE-2026-28775 is severe and wide-ranging. Successful exploitation allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected satellite receivers. This can lead to complete device takeover, enabling attackers to manipulate satellite data streams, disrupt communications, or use the device as a foothold for lateral movement within critical networks. Confidentiality is compromised as attackers can access sensitive operational data. Integrity is at risk because attackers can alter device configurations or data transmissions. Availability can be disrupted by malicious commands causing device crashes or denial of service. Given the role of IDC SFX2100 devices in satellite communications, this vulnerability threatens critical infrastructure sectors such as broadcasting, emergency services, military communications, and remote data distribution. The lack of authentication and default insecure configuration significantly increases the risk of widespread exploitation, especially in environments with exposed SNMP services.
Mitigation Recommendations
Immediate mitigation is to make the SNMP service unreachable from anything but a trusted management network: filter UDP/161 at the network edge and on any intermediate firewall, and, where the device allows it, bind the agent to the management interface only. Administrators should then remove the default 'private' read/write community entirely and replace it with a long, unique read-only community accepted only from the management hosts' addresses, or better, with an SNMPv3 user using authentication and privacy (authPriv), since SNMPv1/v2c community strings travel in cleartext and can be recovered from any captured request. Simply renaming the read/write community is not enough: as long as any write-capable credential exists, a manager holding it can still populate the NET-SNMP-EXTEND-MIB table. If SNMP is not needed, disable it. Verify the change with a SET attempt from outside the management network using the old string; it must be refused. At the network layer, IDS/IPS rules should alert on SNMP SetRequest PDUs carrying OIDs under the nsExtendObjects subtree (1.3.6.1.4.1.8072.1.3.2) and on any SET that uses a default community, and SNMP traffic should be logged and reviewed for unexpected write attempts and unexpected source addresses. Organizations should press IDC for a firmware update that moves to net-snmp 5.8 or later and ships without a write-capable default community, and apply it as soon as it is available. Longer term, segment satellite receivers from general enterprise networks, and add this device class and this vulnerability to incident response playbooks, including a walk of the receiver's nsExtendObjects subtree and a review of running processes for signs of prior compromise.
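As an added illustration, not configuration taken from the IDC firmware or from IDC documentation, here is the net-snmp snmpd.conf shape of the insecure default beside a hardened replacement. The directive names are standard snmpd.conf directives; the community string, the 192.0.2.0/24 management subnet, the listen address, the SNMPv3 user name and passphrases, and the `snmp` service account are placeholders.

```conf
## Insecure default (what the advisory describes): a well-known community
## with full write access, accepted from any source address.
rwcommunity private

## Hardened replacement.
# Listen only on the management interface (address is a placeholder).
agentaddress udp:192.0.2.10:161

# Read-only v2c community, long and unique, accepted only from the
# management subnet. There is deliberately no rwcommunity line: with no
# write-capable credential, nsExtendConfigTable cannot be populated remotely.
rocommunity ReplaceWithLongRandomSecret 192.0.2.0/24

# Preferred: SNMPv3 user with authentication and privacy. createUser is
# consumed once at startup and the user is persisted by snmpd.
createUser mgmt-ro SHA "ReplaceWithAuthPassphrase" AES "ReplaceWithPrivPassphrase"
rouser mgmt-ro priv

# Drop root after binding the port, so a future agent bug no longer yields
# root (requires an unprivileged account to exist in the firmware image).
agentuser snmp
agentgroup snmp
```

Whether any of this can be applied on the SFX2100 depends on whether IDC exposes the agent configuration to the operator; the page reports no vendor fix, so the network filtering is the control that is always available. Extend commands defined statically with `extend` directives in the same file keep working under this configuration, because the hardening removes remote write access, not the MIB.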
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gridware
- Date Reserved: 2026-03-03T09:59:08.426Z
- CVSS Version: 4.0
- State: PUBLISHED
Added to database: 3/4/2026, 7:33:39 AM
Last enriched: 3/11/2026, 7:55:18 PM
Last updated: 4/18/2026, 2:02:32 AM