Cyber Resilience

CVE-2026-29128

High · Public PoC

Published: 05 March 2026
Modified: 09 March 2026
KEV Added:
Patch:
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0028 (19.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-29128 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE ranks at the 19.3th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-29128 affects the firmware of the IDC SFX2100 Satellite Receiver, where multiple daemon configuration files for routing components, such as zebra.conf, bgpd.conf, ospfd.conf, and ripd.conf, are owned by root but world-readable. These files contain hardcoded or otherwise insecure plaintext passwords, including enable or privileged-mode credentials, violating CWE-522 (Insufficiently Protected Credentials) and CWE-798 (Use of Hard-coded Credentials). The vulnerability carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility and comprehensive impact.

A remote attacker with no required privileges can exploit this vulnerability over the network with low complexity. By reading the exposed configuration files, the attacker can extract the hardcoded credentials and reuse them to access other systems on the network, establish a foothold on the satellite receiver itself, or potentially achieve local privilege escalation.

Mitigation details are available in advisories referenced at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.

Vulnerability details

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including “enable”/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

World-readable config files with hardcoded plaintext passwords directly enable credential discovery from files (T1552.001) and subsequent use of those valid/default accounts for access/foothold (T1078.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29119 · Same product: Datacast Sfx2100
CVE-2026-28777 · Same product: Datacast Sfx2100
CVE-2026-28776 · Same product: Datacast Sfx2100
CVE-2026-29120 · Same product: Datacast Sfx2100
CVE-2026-28778 · Same product: Datacast Sfx2100
CVE-2026-29126 · Same product: Datacast Sfx2100
CVE-2026-28774 · Same product: Datacast Sfx2100
CVE-2026-28775 · Same product: Datacast Sfx2100
CVE-2026-29121 · Same product: Datacast Sfx2100
CVE-2026-29124 · Same product: Datacast Sfx2100

Affected Assets

datacast
sfx2100 firmware
all versions

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Mandates secure configuration settings for firmware components, directly addressing world-readable daemon configuration files containing hardcoded plaintext credentials.

Prevent: Enforces least privilege to restrict unauthorized read access to sensitive root-owned configuration files with privileged credentials.

Prevent: Requires proper authenticator management that prohibits embedding hardcoded plaintext passwords in world-readable firmware configuration files.