CVE-2026-29121
Setuid Misconfiguration in IDC SFX2100 Enables Privilege Escalation
Publication date: 2026-03-05
Last updated on: 2026-03-11
Assigner: Gridware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacast | sfx2100_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "The vulnerability in CVE-2026-29121 involves the International Data Casting (IDC) SFX2100 satellite receiver's `/sbin/ip` utility, which is installed with the setuid bit set. This means any local user executing this binary gains elevated privileges."}, {'type': 'paragraph', 'content': 'Specifically, the `ip` executable does not drop elevated privileges when run with sudo or with the SUID bit set, allowing a local attacker to escalate privileges by spawning interactive shells within network namespaces or reading privileged files on the local filesystem.'}, {'type': 'paragraph', 'content': 'The exploit requires the Linux kernel to have network namespaces enabled (`CONFIG_NET_NS=y`). Using commands like `ip netns exec foo /bin/sh -p`, an attacker can gain a root shell. Additionally, the attacker can read files with elevated privileges using `ip -force -batch /path/to/input-file`.'}] [1]
How can this vulnerability impact me? :
This vulnerability allows a local attacker to escalate their privileges to root on the affected system.
- Gain root shell access by exploiting network namespaces.
- Perform privileged file reads on the local filesystem, potentially exposing sensitive data.
- Potentially execute other privileged actions due to retained elevated privileges.
Overall, this can lead to full system compromise by any local user who can execute the vulnerable binary.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the `/sbin/ip` utility is installed with the setuid bit set, which grants elevated privileges to local users.
You can test the vulnerability by attempting to spawn a privileged shell or read files using the `ip` command with network namespaces or batch file reading options.
- Check if the `ip` binary has the SUID bit set: `ls -l /sbin/ip`
- Attempt to spawn a privileged shell using network namespaces: ``` ip netns add foo ip netns exec foo /bin/sh -p ip netns delete foo ```
- Attempt to read a file with elevated privileges: ``` ip -force -batch /path/to/input-file ```
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing the setuid bit from the `/sbin/ip` binary to prevent it from running with elevated privileges.
Alternatively, restrict local user access to the vulnerable binary or apply system updates or patches that address this privilege escalation issue.