CVE-2026-28777
CVE-2026-28777
9.2
CriticalPublished:
Last updated:
Source:b7efe717-a805-47cf-8e9a-921fca0ce0ce
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- None
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a complete pty to gain an appropriately interactive shell.
References
b7efe717-a805-47cf-8e9a-921fca0ce0ce
https://www.abdulmhsblog.com/posts/sfx2100-vulns/