CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/06 1:34 a.m.•5 views

CVE-2026-29124

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...

RedhatCVE•added 2026/03/06 1:34 a.m.•3 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00148EPSS

RedhatCVE•added 2026/03/05 1:39 p.m.•5 views

CVE-2026-29120

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

9.2CVSS5.9AI score0.00142EPSS

RedhatCVE•added 2026/03/05 1:39 p.m.•6 views

CVE-2026-29119

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

9.8CVSS6AI score0.00486EPSS

RedhatCVE•added 2026/03/05 7:51 a.m.•2 views

CVE-2026-28777

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

9.8CVSS6AI score0.00486EPSS

NVD•added 2026/03/05 6:16 a.m.•4 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

10CVSS0.00277EPSS

EUVD•added 2026/03/05 3:31 a.m.•6 views

EUVD-2026-9516

EUVD•added 2026/03/05 3:31 a.m.•1 views

EUVD-2026-9517

IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...

7.1CVSS5.9AI score0.00106EPSS

CVE•added 2026/03/05 2:36 a.m.•7 views

CVE-2026-29127

The CVE-2026-29127 affects the IDC SFX2100 Satellite Receiver, where the monitor user’s home directory is configured with overly permissive permissions (0777). This enables local privilege escalation because highly privileged processes and binaries in that directory could be exploited by any loca...

9.2CVSS6AI score0.00169EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/05 2:36 a.m.•5 views

CVE-2026-29127 Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

9.2CVSS6AI score0.00169EPSS

NVD•added 2026/03/05 2:16 a.m.•3 views

CVE-2026-29125

7.1CVSS0.00106EPSS

Cvelist•added 2026/03/05 1:51 a.m.•26 views

CVE-2026-29126 World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS0.00142EPSS

Cvelist•added 2026/03/05 1:38 a.m.•27 views

CVE-2026-29125 IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due to world-writable `/etc/resolv.conf`

7.1CVSS0.00106EPSS

Vulnrichment•added 2026/03/05 1:23 a.m.•4 views

CVE-2026-29124 Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation

ATTACKERKB•added 2026/03/05 1:23 a.m.•3 views

CVE-2026-29124

CVE•added 2026/03/05 12:53 a.m.•9 views

CVE-2026-29122

IDC SFX2100 ships with /bin/date with setuid, enabling local user to perform privileged reads as root. The vulnerability arises from a setuid binary in the local filesystem, allowing bypass of normal permissions and exposure of sensitive files (e.g., /etc/shadow). Impact is described as high conf...

9.2CVSS6AI score0.00139EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/05 12:53 a.m.•27 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

9.2CVSS0.00139EPSS

Cvelist•added 2026/03/05 12:48 a.m.•30 views

CVE-2026-29121 `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

9.2CVSS0.00148EPSS

CNNVD•added 2026/03/05 12:0 a.m.•4 views

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the presence of binary...