IDC SFX Series SuperFlex Satellite Receiver Exposes Admin Credentials

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

IDC SFX Series SuperFlex Satellite Receiver Exposes Admin Credentials

CVE-2026-29119

Summary

The IDC SFX Series SuperFlex Satellite Receiver has hardcoded and easily guessable admin account credentials. This allows an attacker to remotely access the system without a password, potentially giving them control over the satellite system. Update to the latest software to fix this issue.

Original title

Original description

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.

nvd CVSS4.0 8.8

Vulnerability type

CWE-798 Use of Hard-coded Credentials

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026