Description
International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.
Published: 2026-03-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote unauthenticated Telnet access enabling system compromise
Action: Immediate Patch
AI Analysis

Impact

Internally hardcoded credentials for the 'admin' account allow a remote, unauthenticated attacker to connect via the Telnet service, directly accessing the SFX2100 Satellite Receiver. The flaw provides full control of the device, raising the potential for configuration changes, data exfiltration, or service disruption. The CVSS score of 8.8 highlights this as a high‑severity weakness, classified as CWE‑798 – insecure default or hardcoded credentials.

Affected Systems

The vulnerability targets the International Datacasting Corporation SFX2100 Series SuperFlex Satellite Receiver. No specific firmware revisions are listed, so all models carrying the default telnet credentials are considered affected.

Risk and Exploitability

Despite a very low EPSS (<1%) and absence from the CISA KEV catalog, the flaw remains exploitable over the open Telnet port. The likely attack vector is a remote Telnet connection using the undocumented admin credentials, which does not require prior authentication or privileged access. The high CVSS score indicates significant impact should exploitation occur. Monitoring for unauthorized telnet sessions is advisable until a vendor patch can be applied.

Generated by OpenCVE AI on April 17, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the receiver to the latest firmware provided by IDC to remove hardcoded credentials.
  • Disable the Telnet service or restrict it to trusted IP ranges using firewall or network segmentation.
  • If the device allows, change the default 'admin' password immediately.

Generated by OpenCVE AI on April 17, 2026 at 13:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
CPEs cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*
cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*
Vendors & Products Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 05 Mar 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 05 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared International Datacasting Corporation (idc)
International Datacasting Corporation (idc) sfx2100 Series Superflex Satellitereceiver
Vendors & Products International Datacasting Corporation (idc)
International Datacasting Corporation (idc) sfx2100 Series Superflex Satellitereceiver

Wed, 04 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
Description International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.
Title Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX2100 Satellite Receiver
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Datacast Sfx2100 Sfx2100 Firmware
International Datacasting Corporation (idc) Sfx2100 Series Superflex Satellitereceiver
cve-icon MITRE

Status: PUBLISHED

Assigner: Gridware

Published:

Updated: 2026-03-05T05:58:16.802Z

Reserved: 2026-03-04T07:53:45.785Z

Link: CVE-2026-29119

cve-icon Vulnrichment

Updated: 2026-03-04T15:01:59.216Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T08:16:14.440

Modified: 2026-03-17T16:55:21.153

Link: CVE-2026-29119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses