CVE-2026-29121
Received Received - Intake
Setuid Misconfiguration in IDC SFX2100 Enables Privilege Escalation

Publication date: 2026-03-05

Last updated on: 2026-03-11

Assigner: Gridware

Description
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29121
EUVD
EUVD-2026-9513
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datacast sfx2100_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The vulnerability in CVE-2026-29121 involves the International Data Casting (IDC) SFX2100 satellite receiver's `/sbin/ip` utility, which is installed with the setuid bit set. This means any local user executing this binary gains elevated privileges."}, {'type': 'paragraph', 'content': 'Specifically, the `ip` executable does not drop elevated privileges when run with sudo or with the SUID bit set, allowing a local attacker to escalate privileges by spawning interactive shells within network namespaces or reading privileged files on the local filesystem.'}, {'type': 'paragraph', 'content': 'The exploit requires the Linux kernel to have network namespaces enabled (`CONFIG_NET_NS=y`). Using commands like `ip netns exec foo /bin/sh -p`, an attacker can gain a root shell. Additionally, the attacker can read files with elevated privileges using `ip -force -batch /path/to/input-file`.'}] [1]

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges to root on the affected system.

  • Gain root shell access by exploiting network namespaces.
  • Perform privileged file reads on the local filesystem, potentially exposing sensitive data.
  • Potentially execute other privileged actions due to retained elevated privileges.

Overall, this can lead to full system compromise by any local user who can execute the vulnerable binary.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the `/sbin/ip` utility is installed with the setuid bit set, which grants elevated privileges to local users.

You can test the vulnerability by attempting to spawn a privileged shell or read files using the `ip` command with network namespaces or batch file reading options.

  • Check if the `ip` binary has the SUID bit set: `ls -l /sbin/ip`
  • Attempt to spawn a privileged shell using network namespaces: ``` ip netns add foo ip netns exec foo /bin/sh -p ip netns delete foo ```
  • Attempt to read a file with elevated privileges: ``` ip -force -batch /path/to/input-file ```
Mitigation Strategies

Immediate mitigation steps include removing the setuid bit from the `/sbin/ip` binary to prevent it from running with elevated privileges.

Alternatively, restrict local user access to the vulnerable binary or apply system updates or patches that address this privilege escalation issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29121. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart