CVE-2026-29119 HIGH

CVE-2026-29119: Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX2100 Satellite Receiver

Vendor International Datacasting Corporation (Idc)
Product SFX2100 Series SuperFlex SatelliteReceiver
Weakness CWE-798 · Hardcoded credentials
Published March 4, 2026
Last update March 5, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

What the vulnerability does

01Description

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.

Key dates

02Disclosure timeline

March 4, 2026 CVE published
March 5, 2026 Record updated