What is the CVSS score of CVE-2026-29121?

CVE-2026-29121 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Sfx2100 Firmware are affected by CVE-2026-29121?

IDC SFX2100 satellite receivers in our environment are vulnerable to local privilege escalation attacks due to misconfigured system utilities.

Is there a public PoC exploit available for CVE-2026-29121?

Yes, a public proof-of-concept exploit is available for CVE-2026-29121. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-29121?

Within 24 hours: Inventory all IDC SFX2100 devices in production and document their network role and data sensitivity. Within 7 days: Implement strict physical and logical access controls to limit local user access; restrict SSH/console access to privileged accounts only and enforce multi-factor authentication. Within 30 days: Evaluate replacement or isolation options; contact IDC for patch timelines; consider air-gapping critical SFX2100 units if business operations permit.

Sfx2100 Firmware CVE-2026-29121

HIGH

Improper Privilege Management (CWE-269)

2026-03-05 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Privilege Escalation Sfx2100 Firmware

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 11, 2026 - 18:35 vuln.today

Public exploit code

CVE Published

Mar 05, 2026 - 01:15 nvd

HIGH 7.8

DescriptionCVE.org

International Data Casting (IDC) SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.

AnalysisAI

The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Local user executes setuid /sbin/ip binary

Exploit

Leverage GTFObins technique

Execution

Read sensitive root-owned files

Impact

Escalate privileges to root

Access

Local user executes setuid /sbin/ip binary

Exploit

Leverage GTFObins technique

Execution

Read sensitive root-owned files

Impact

Escalate privileges to root

Vulnerability AssessmentAI

Exploitation	IDC SFX2100 satellite receiver with /sbin/ip binary installed with setuid bit set; local user account required to execute the binary Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all IDC SFX2100 devices in production and document their network role and data sensitivity. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-29121 vulnerability details – vuln.today

Back

Sfx2100 Firmware CVE-2026-29121

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code