Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.2
IDC SFX2100 Satellite Receiver: Weak User Account Password
CVE-2026-28777
Summary
A weak password for the 'user' account on the IDC SFX2100 Satellite Receiver allows an attacker to access the system remotely without a password. This can lead to unauthorized access and potentially allow an attacker to take control of the system. To protect your system, change the password for the 'user' account to a strong, unique password and ensure it's not easily guessable.
Original title
International Datacasting Corporation (IDC)
SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH ...
Original description
International Datacasting Corporation (IDC)
SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a complete pty to gain an appropriately interactive shell.
SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a complete pty to gain an appropriately interactive shell.
nvd CVSS4.0
9.2
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026