International Datacasting SFX Series SuperFlex Satellite Receiver Hardcoded Root Password Hash Vulnerability

Vulnerability

A vulnerability exists in the International Datacasting Corporation (IDC) SFX Series (SFX2100) SuperFlex Satellite Receiver due to the /root/anaconda-ks.cfg installation configuration file insecurely storing the hardcoded root password hash. This password is weak and can be cracked using offline dictionary attacks with the rockyou.txt wordlist. Although direct root SSH access is disabled, an attacker must first gain low-privileged access to the system through other vulnerabilities to log in as the root user. Once access is obtained, the hardcoded password allows for escalation to root privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized root access on the affected system.

Added: Mar 4, 2026, 8:18 AM

Updated: Mar 4, 2026, 8:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

International Datacasting SFX Series SuperFlex Satellite Receiver Hardcoded Root Password Hash Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating