CVE-2026-29128
IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including βenableβ/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate.
| CWE | CWE-522 CWE-798 |
| Vendor | international datacasting corporation |
| Product | sfx2100 satellite receiver |
| Published | Mar 5, 2026 |
| Last Updated | Mar 5, 2026 |
Get instant alerts for international datacasting corporation sfx2100 satellite receiver
Be the first to know when new unknown vulnerabilities affecting international datacasting corporation sfx2100 satellite receiver are published β delivered to Slack, Telegram or Discord.