CVE-2026-29119

High · Public PoC

Published: 04 March 2026

Modified: 17 March 2026
CVSS v4 Score: 8.8
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0049 (38.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-29119 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Datacast Sfx2100 Firmware. Its CVSS v4 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 38.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-2 (Account Management).

Deeper analysis

CVE-2026-29119, published on 2026-03-04, affects the International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver. The vulnerability stems from hardcoded and insecure credentials for the `admin` account, mapped to CWE-798 (Use of Hard-coded Credentials). This flaw enables direct access via the Telnet service and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

A remote unauthenticated attacker can exploit this vulnerability by using the undocumented credentials to log in directly to the satellite system over Telnet. Exploitation requires no privileges or user interaction, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the referenced advisory at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.

Vulnerability details

International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.

CWE(s): CWE-798 (Use of Hard-coded Credentials)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hardcoded admin credentials enable use of default accounts for remote unauthenticated access via Telnet, leading to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28777 (same product: Datacast Sfx2100)
CVE-2026-28776 (same product: Datacast Sfx2100)
CVE-2026-29128 (same product: Datacast Sfx2100)
CVE-2026-29120 (same product: Datacast Sfx2100)
CVE-2026-28778 (same product: Datacast Sfx2100)
CVE-2026-29126 (same product: Datacast Sfx2100)
CVE-2026-28774 (same product: Datacast Sfx2100)
CVE-2026-29121 (same product: Datacast Sfx2100)
CVE-2026-29124 (same product: Datacast Sfx2100)
CVE-2026-28775 (same product: Datacast Sfx2100)

Affected Assets

datacast · sfx2100 firmware · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent · Directly mandates proper authenticator management, including changing default credentials and prohibiting hard-coded ones to prevent unauthorized admin access.

prevent · Requires management of accounts, including disabling unnecessary or default accounts like the hardcoded admin, to block unauthorized access.

prevent · Establishes controls for remote access mechanisms, prohibiting insecure protocols like Telnet that expose hardcoded credentials to remote attackers.
