Description
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including “enable”/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate.
Published: 2026-03-05
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential disclosure enabling privileged access
Action: Patch
AI Analysis

Impact

The SFX2100 firmware contains configuration files for routing daemons that are owned by root but world‑readable. These files embed hard‑coded plaintext passwords, including privileged‑mode credentials. This flaw combines insufficiently protected credentials (CWE-522) with the use of hard‑coded credentials (CWE-798). An attacker who can read the files gains valid credentials that can be used to elevate privileges on the satellite receiver or to access other networked devices, thereby jeopardizing confidentiality, integrity, and availability.

Affected Systems

International Datacasting Corporation’s SFX2100 Satellite Receiver. All firmware builds that ship the vulnerable routing daemon configuration files are affected; specific firmware identifiers are not listed in the advisory.

Risk and Exploitability

The CVSS score of 8.6 classifies this vulnerability as high severity. The EPSS score of less than 1% indicates low current exploitation probability, but the required condition—read access to a file—is a common misconfiguration. The vulnerability is not listed in CISA’s KEV catalog. Because the exploit requires only local or remote read access to the filesystem, the attack vector is likely through a management interface or an exposed admin account. Once the credentials are retrieved, the attacker can authenticate as a privileged user and potentially pivot to other infrastructure devices.

Generated by OpenCVE AI on April 18, 2026 at 09:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor‑released firmware update that removes or secures the world‑readable routing daemon configuration files.
  • After installing the update, change all embedded privileged‑level passwords and restrict routing daemon access to trusted accounts only.
  • Reconfigure the filesystem so that the configuration files are readable only by the owning account (e.g., set permissions to 600 and ownership to root).
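The permission and credential checks recommended above can be run against a live device or an extracted firmware root filesystem. The following audit script is an added example, not code from OpenCVE or the vendor; it assumes Quagga-style `password` / `enable password` directives (with a leading `8` marking a stored hash), and the sample files and `EXAMPLE` values are constructed.

```python
import os, re, stat, tempfile

CONF_NAMES = {"zebra.conf", "bgpd.conf", "ospfd.conf", "ripd.conf"}
# Assumed Quagga-style syntax: "password X" / "enable password X";
# a leading "8" marks a stored hash rather than a plaintext secret.
PW_RE = re.compile(r"^\s*(enable\s+)?password\s+(?:(8)\s+)?\S+", re.I)

def audit_conf(path):
    """Return permission and credential findings for one config file."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    plaintext = []
    with open(path, errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = PW_RE.match(line)
            if m and not m.group(2):
                kind = "enable password" if m.group(1) else "password"
                plaintext.append((lineno, kind))  # never record the secret
    return {
        "path": path,
        "mode": f"{mode:03o}",
        "world_readable": bool(mode & stat.S_IROTH),
        "wider_than_600": bool(mode & 0o177),
        "root_owned": st.st_uid == 0,
        "plaintext": plaintext,
    }

def audit_tree(root):
    """Walk a live or extracted filesystem and audit every routing config."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(CONF_NAMES.intersection(files)):
            results.append(audit_conf(os.path.join(dirpath, name)))
    return results

def build_sample(root):
    """Constructed sample: one weak file, one hardened file."""
    samples = {
        "zebra.conf": (0o644, "hostname rx\npassword EXAMPLE\nenable password EXAMPLE\n"),
        "bgpd.conf": (0o600, "service password-encryption\npassword 8 EXAMPLEHASH\n"),
    }
    for name, (mode, body) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_tree(tmp):
            print(finding)
```

Any file reported with `world_readable` set or a non-empty `plaintext` list needs both the permission fix and a password rotation, since a secret that was readable must be treated as disclosed.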



Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Datacast; Datacast sfx2100; Datacast sfx2100 Firmware |
| CPEs | | cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*; cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:* |
| Vendors & Products | | Datacast; Datacast sfx2100; Datacast sfx2100 Firmware |
| Metrics | | cvssV3_1: {'score': 10.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'} |


Fri, 06 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | International Datacasting Corporation; International Datacasting Corporation sfx2100 Satellite Receiver |
| Vendors & Products | | International Datacasting Corporation; International Datacasting Corporation sfx2100 Satellite Receiver |

Thu, 05 Mar 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 05 Mar 2026 06:15:00 +0000


Thu, 05 Mar 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including “enable”/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate. |
| Title | | IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files |
| Weaknesses | | CWE-522; CWE-798 |
| References | | |
| Metrics | | cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Gridware

Published:

Updated: 2026-03-05T17:22:34.882Z

Reserved: 2026-03-04T07:53:45.786Z

Link: CVE-2026-29128

Vulnrichment

Updated: 2026-03-05T17:22:29.407Z

NVD

Status: Analyzed

Published: 2026-03-05T06:16:51.743

Modified: 2026-03-09T18:36:42.593

Link: CVE-2026-29128

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:00:10Z
