Insecure Password Storage in International Datacasting SFX Series SuperFlex Satellite Receiver
CVE-2026-29120

9.2CRITICAL

Key Information:

Vendor: International Datacasting Corporation
Status: Idc Sfx2100 Superflex Satellite Receiver
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation Vulnerability Alert

What is CVE-2026-29120?

The SFX2100 SuperFlex Satellite Receiver by International Datacasting Corporation contains a significant vulnerability whereby the installation configuration file (anaconda-ks.cfg) stores a hardcoded root password hash in an insecure manner. This weak password is at risk of brute-force attacks, particularly utilizing common wordlists, such as rockyou.txt. While direct root SSH login is disabled, an attacker must first gain low-privileged access to the system through other means. If successful, they can escalate their privileges to root, thereby compromising the entire system security.

Affected Version(s)

IDC SFX2100 SuperFlex Satellite Receiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Abdul Mhanni

CVE-2026-29120 Data

JSON