Cyber Posture

CVE-2026-29119

Critical · Public PoC

Published: 04 March 2026

Modified: 17 March 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (63.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-29119 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 36.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-2 (Account Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly mandates proper authenticator management, including changing default credentials and prohibiting hard-coded ones to prevent unauthorized admin access.

prevent

Requires management of accounts, including disabling unnecessary or default accounts like the hardcoded admin, to block unauthorized access.

prevent

Establishes controls for remote access mechanisms, prohibiting insecure protocols like Telnet that expose hardcoded credentials to remote attackers.

MITRE ATT&CK Enterprise Techniques · AI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

Hardcoded admin credentials enable use of default accounts for remote unauthenticated access via Telnet, leading to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.

Deeper analysis · AI

CVE-2026-29119, published on 2026-03-04, affects the International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver. The vulnerability stems from hardcoded and insecure credentials for the `admin` account, mapped to CWE-798 (Use of Hard-coded Credentials). This flaw enables direct access via the Telnet service and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

A remote unauthenticated attacker can exploit this vulnerability by using the undocumented credentials to log in directly to the satellite system over Telnet. Exploitation requires no privileges or user interaction, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the referenced advisory at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.

Details

CWE(s)

Affected Products

datacast · sfx2100 firmware · all versions

CVEs Like This One

CVE-2026-28777 · Same product: Datacast Sfx2100
CVE-2026-28776 · Same product: Datacast Sfx2100
CVE-2026-28778 · Same product: Datacast Sfx2100
CVE-2026-29120 · Same product: Datacast Sfx2100
CVE-2026-29128 · Same product: Datacast Sfx2100
CVE-2026-29126 · Same product: Datacast Sfx2100
CVE-2026-28775 · Same product: Datacast Sfx2100
CVE-2026-28774 · Same product: Datacast Sfx2100
CVE-2026-29124 · Same product: Datacast Sfx2100
CVE-2026-29127 · Same product: Datacast Sfx2100

References