CVE-2026-29127

Critical CVSS: 9.2

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.

Vendor

Datacast

Product

Sfx2100 Firmware

CWE

CWE-269

Yayın Tarihi

2026-03-05 03:15:54

Güncelleme

2026-03-09 18:42:33

Source Identifier

b7efe717-a805-47cf-8e9a-921fca0ce0ce

KEV Date Added

Kategoriler

CWE-269 Sfx2100 Firmware CRITICAL Datacast 2026

Referanslar

https://www.abdulmhsblog.com/posts/sfx2100-vulns/ https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Benzer Kayıtlar

High

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zeb…

High

CVE-2026-29122

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid…

High

CVE-2026-29123

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a l…

High

CVE-2026-29124

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DP…

High

CVE-2026-29125

IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS reso…

High

CVE-2026-29126

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC)…