What is the CVSS score of CVE-2026-29127?

CVE-2026-29127 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Sfx2100 Firmware are affected by CVE-2026-29127?

The IDC SFX2100 Satellite Receiver contains a file system permissions vulnerability that could allow unauthorized access to sensitive monitoring data and system configurations.

Is there a public PoC exploit available for CVE-2026-29127?

Yes, a public proof-of-concept exploit is available for CVE-2026-29127. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-29127?

Within 24 hours: Identify all IDC SFX2100 devices in your environment and document their network locations and data sensitivity classification. Within 7 days: Implement network segmentation to restrict access to affected devices to authorized personnel only; disable remote administrative access where operationally feasible. Within 30 days: Establish continuous monitoring for unauthorized file access attempts; contact IDC for patch timelines and escalate to executive leadership if production systems cannot be isolated.

Sfx2100 Firmware CVE-2026-29127

HIGH

Improper Privilege Management (CWE-269)

2026-03-05 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Privilege Escalation Sfx2100 Firmware

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 18:42 vuln.today

Public exploit code

CVE Published

Mar 05, 2026 - 03:15 nvd

HIGH 7.8

DescriptionCVE.org

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.

AnalysisAI

Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local system access as unprivileged user

Exploit

Access monitor home directory with 0777 permissions

Execution

Modify privileged binaries or processes

Impact

Execute arbitrary code with elevated privileges

Access

Gain local system access as unprivileged user

Exploit

Access monitor home directory with 0777 permissions

Execution

Modify privileged binaries or processes

Impact

Execute arbitrary code with elevated privileges

Vulnerability AssessmentAI

Exploitation	Local user account access required on IDC SFX2100 Satellite Receiver where monitor home directory is configured with 0777 permissions (read/write/execute for all users). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all IDC SFX2100 devices in your environment and document their network locations and data sensitivity classification. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-29127 vulnerability details – vuln.today

Back

Sfx2100 Firmware CVE-2026-29127

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code