CVE-2026-29122

High CVSS: 8.3

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.

Vendor

Datacast

Product

Sfx2100 Firmware

CWE

CWE-269

Yayın Tarihi

2026-03-05 02:16:51

Güncelleme

2026-03-11 18:35:46

Source Identifier

b7efe717-a805-47cf-8e9a-921fca0ce0ce

KEV Date Added

Kategoriler

CWE-269 Sfx2100 Firmware HIGH Datacast 2026

Referanslar

https://gtfobins.org/gtfobins/date/ https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Benzer Kayıtlar

High

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zeb…

Critical

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory.…

High

CVE-2026-29123

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a l…

High

CVE-2026-29124

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DP…

High

CVE-2026-29125

IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS reso…

High

CVE-2026-29126

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC)…