CVE-2026-28777

UNKNOWN 0.0

Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX2100 Satellite Receiver

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a complete pty to gain an appropriately interactive shell.

CWE	CWE-798
Vendor	international datacasting corporation (idc)
Product	sfx2100 satellite receiver
Published	Mar 4, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for international datacasting corporation (idc) sfx2100 satellite receiver

Be the first to know when new unknown vulnerabilities affecting international datacasting corporation (idc) sfx2100 satellite receiver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

International Datacasting Corporation (IDC) / SFX2100 Satellite Receiver

SFX2100

References

NVD ↗ CVE.org ↗ EPSS Data ↗

abdulmhsblog.com: https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Credits

Abdul Mhanni