CVE-2026-29122
Received Received - Intake
Setuid Date Utility in IDC SFX2100 Enables Root File Read Access

Publication date: 2026-03-05

Last updated on: 2026-03-11

Assigner: Gridware

Description
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29122
EUVD
EUVD-2026-9514
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datacast sfx2100_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

[{'type': 'paragraph', 'content': 'The vulnerability in CVE-2026-29122 involves the International Data Casting (IDC) SFX2100 satellite receiver having the `/bin/date` utility installed with the setuid bit set. This means the `date` command runs with elevated (root) privileges regardless of the user executing it.'}, {'type': 'paragraph', 'content': "An attacker with local access can exploit this by using the `date` command's `-f` option to read arbitrary files on the system with root privileges. Although the file content is altered during processing, this still allows privileged reading of sensitive files such as `/etc/shadow`."}] [1]

Impact Analysis

This vulnerability allows any local user to read sensitive root-owned files on the system without authorization. This can lead to exposure of critical information such as password hashes or configuration secrets.

Such unauthorized access can compromise system security, potentially enabling further attacks like privilege escalation or unauthorized access to confidential data.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the /bin/date utility on the system has the setuid bit set, which grants it elevated privileges.'}, {'type': 'list_item', 'content': 'Run the command: ls -l /bin/date'}, {'type': 'list_item', 'content': "If the output shows an 's' in the user permission bits (e.g., -rwsr-xr-x), the setuid bit is set."}, {'type': 'paragraph', 'content': 'Additionally, you can test if the date command can read privileged files by attempting to read /etc/shadow using the following command:'}, {'type': 'list_item', 'content': 'sudo /bin/date -f /etc/shadow'}, {'type': 'paragraph', 'content': 'If the command outputs content from /etc/shadow or other root-only files, the vulnerability is present.'}] [1]

Mitigation Strategies

Immediate mitigation steps include removing the setuid bit from the /bin/date utility to prevent it from running with elevated privileges.

  • Run the command: sudo chmod u-s /bin/date

Alternatively, restrict access to the /bin/date binary so that only trusted users can execute it.

Consider applying vendor patches or updates if available that address this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29122. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart