IDC SFX Series Receiver Has Hidden SSH Credentials

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

IDC SFX Series Receiver Has Hidden SSH Credentials

CVE-2026-28776

Summary

The International Datacasting Corporation's SFX Series SuperFlex SatelliteReceiver has pre-set login credentials for an administrator account. This means that anyone can access the system remotely without a password. To protect your system, update the credentials or change the default access settings as soon as possible.

Original title

Original description

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell, the attacker can trivially break out to achieve standard shell functionality.

nvd CVSS4.0 7.8

Vulnerability type

CWE-798 Use of Hard-coded Credentials

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026