PT-2026-23134 · Idc · Sfx2100 Satellite Receiver

Abdul Mhanni

Published

2026-03-05

Updated

2026-03-08

CVE-2026-29128

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver (affected versions not specified)

Description The IDC SFX2100 Satellite Receiver firmware includes daemon configuration files (zebra, bgpd, ospfd, and ripd) owned by root but accessible to all users. These files contain hardcoded plaintext passwords, including credentials for privileged access ('enable'). An attacker could exploit these exposed credentials to gain access to other systems on the network, compromise the satellite receiver, or escalate privileges locally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-798

Related Identifiers

CVE-2026-29128

Affected Products

Sfx2100 Satellite Receiver

PT-2026-23134 · Idc · Sfx2100 Satellite Receiver

CVE-2026-29128

Weakness Enumeration

Related Identifiers

Affected Products

References · 6