What is the CVSS score of CVE-2026-29126?

CVE-2026-29126 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Sfx2100 Firmware are affected by CVE-2026-29126?

A high-severity vulnerability in Sfx2100 firmware allows unauthorized access to critical resources due to improper permission controls, affecting all unpatched devices up to the latest version.

Is there a public PoC exploit available for CVE-2026-29126?

Yes, a public proof-of-concept exploit is available for CVE-2026-29126. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-29126?

Within 24 hours: Inventory all Sfx2100 devices in production and development environments; isolate or restrict network access to affected systems if operationally feasible. Within 7 days: Implement compensating controls including network segmentation, access logging, and WAF rules to block exploitation attempts; contact vendor for patch timeline. Within 30 days: Apply vendor patch immediately upon release; conduct forensic review of logs for signs of prior exploitation.

Sfx2100 Firmware CVE-2026-29126

HIGH

Incorrect Permission Assignment for Critical Resource (CWE-732)

2026-03-05 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Privilege Escalation Sfx2100 Firmware

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 11, 2026 - 18:34 vuln.today

Public exploit code

CVE Published

Mar 05, 2026 - 02:16 nvd

HIGH 7.8

DescriptionCVE.org

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.

AnalysisAI

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Local attacker gains system access

Delivery

Modify world-writable /etc/udhcpc/default.script

Exploit

Inject malicious commands

Execution

DHCP event triggers script execution

Impact

Arbitrary code executes as root

Access

Local attacker gains system access

Delivery

Modify world-writable /etc/udhcpc/default.script

Exploit

Inject malicious commands

Execution

DHCP event triggers script execution

Impact

Arbitrary code executes as root

Vulnerability AssessmentAI

Exploitation	Local unprivileged user account access required on IDC SFX2100 Satellite Receiver. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Sfx2100 devices in production and development environments; isolate or restrict network access to affected systems if operationally feasible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-29126 vulnerability details – vuln.today

Back

Sfx2100 Firmware CVE-2026-29126

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code