PT-2026-23134 · Idc · Sfx2100 Satellite Receiver

Abdul Mhanni

Publicado

2026-03-05

Atualizado

2026-03-08

CVE-2026-29128

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver (affected versions not specified)

Description The IDC SFX2100 Satellite Receiver firmware includes daemon configuration files (zebra, bgpd, ospfd, and ripd) owned by root but accessible to all users. These files contain hardcoded plaintext passwords, including credentials for privileged access ('enable'). An attacker could exploit these exposed credentials to gain access to other systems on the network, compromise the satellite receiver, or escalate privileges locally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-798

Identificadores relacionados

CVE-2026-29128

Produtos afetados

Sfx2100 Satellite Receiver

PT-2026-23134 · Idc · Sfx2100 Satellite Receiver

CVE-2026-29128

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6