CVE-2026-29120

216.73.216.233

· Published 04/03/2026 08:16 · Modified 05/03/2026 06:16

Labels: CVE-2026-29120 2026-03-04 CVE-2026-29120 CWE-798 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published: 04/03/2026 08:16
Modified: 05/03/2026 06:16
Author: —
Creator: —
CVSS: 9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the rockyou.txt wordlist. Because direct root SSH login is disabled, an attacker must first obtain low-privileged access to the system (e.g., via other vulnerabilities) to be able to log in as the root user. The password is hardcoded and so allows for an actor with local access on effected versions to escalate to root

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD: View on NVD

Affected products (CPE)

Product	CPE
international datacasting corporation / sfx series	`cpe:2.3:a:international_datacasting_corporation:sfx_series:sfx2100:::::::*`