CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29126

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.3%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/
https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Products affected by CVE-2026-29126

Datacast » Sfx2100 » Version: N/A

cpe:2.3:h:datacast:sfx2100:-
Datacast » Sfx2100 Firmware » Version: N/A

cpe:2.3:o:datacast:sfx2100_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29126

Products

Pricing

Contact Us