Auth bypass in Datacast Sfx2100
CVE-2026-29127
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the s…
Vulnerability class: Privilege Escalation
EPSS: 0.002 (6.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- b7efe717-a805-47cf-8e9a-921fca0ce0ce (Exploit, Third Party Advisory)
Frequently asked questions
- What is CVE-2026-29127?
- CVE-2026-29127 is a high-severity vulnerability in Datacast Sfx2100, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2026-03-05.
- How severe is CVE-2026-29127?
- High severity. CVSS v3 base score is 7.8 out of 10.