Auth bypass in Datacast Sfx2100

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the s…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (6.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-29127?
CVE-2026-29127 is a high-severity vulnerability in Datacast Sfx2100, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2026-03-05.
How severe is CVE-2026-29127?
High severity. CVSS v3 base score is 7.8 out of 10.