CVE-2026-29120— Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-29120
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver
Source: NVD (National Vulnerability Database)
Vulnerability Description
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the rockyou.txt wordlist. Because direct root SSH login is disabled, an attacker must first obtain low-privileged access to the system (e.g., via other vulnerabilities) to be able to log in as the root user. The password is hardcoded and so allows for an actor with local access on effected versions to escalate to root
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
International Datacasting SFX2100 SuperFlex Satellite Receiver是美国International Datacasting公司的一个专业广播级卫星信号接收设备。 International Datacasting SFX2100 SuperFlex Satellite Receiver存在安全漏洞,该漏洞源于/root/anaconda-ks.cfg安装配置文件不安全地存储了硬编码的root密码哈希,且密码本身强度低易受离线字典攻击,可能导致已获得
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| International Datacasting Corporation | IDC SFX2100 SuperFlex Satellite Receiver | SFX2100 | - |
II. Public POCs for CVE-2026-29120
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-29120
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: International Datacasting Corporation
- CVE-2026-29128
IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config - CVE-2026-29127
Incorrect Permission Assignment(777) on `monitor` Users Home - CVE-2026-29126
World-Writable, Root Owned/Run `/etc/udhcpc/default.script` - CVE-2026-29125
IDC SFX2100 Satellite Receiver allows unprivileged modificat - CVE-2026-29124
Multiple SUID Root Binaries in `monitor` User Home Directory
V. Comments for CVE-2026-29120
No comments yet