Vulnerability Details CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including “enable”/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.1%
CVSS Severity
CVSS v3 Score 10.0
References
Products affected by CVE-2026-29128
-
cpe:2.3:h:datacast:sfx2100:-
-
cpe:2.3:o:datacast:sfx2100_firmware:-