CVE-2026-29119
Published: 04 March 2026
Description
International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.
Mitigating Controls (NIST 800-53 r5) [AI]
Directly mandates proper authenticator management, including changing default credentials and prohibiting hard-coded ones to prevent unauthorized admin access.
Requires management of accounts, including disabling unnecessary or default accounts like the hardcoded admin, to block unauthorized access.
Establishes controls for remote access mechanisms, prohibiting insecure protocols like Telnet that expose hardcoded credentials to remote attackers.
Security Summary [AI]
CVE-2026-29119, published on 2026-03-04, affects the International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver. The vulnerability stems from hardcoded and insecure credentials for the `admin` account, mapped to CWE-798 (Use of Hard-coded Credentials). This flaw enables direct access via the Telnet service and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
A remote unauthenticated attacker can exploit this vulnerability by using the undocumented credentials to log in directly to the satellite system over Telnet. Exploitation requires no privileges or user interaction, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability.
Mitigation details are available in the referenced advisory at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Hardcoded admin credentials enable use of default accounts for remote unauthenticated access via Telnet, leading to full system compromise.