CVE-2026-29126
World-Writable Script in IDC SFX2100 Enables Root Privilege Escalation
Publication date: 2026-03-05
Last updated on: 2026-03-11
Assigner: Gridware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacast | sfx2100_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves incorrect permission assignment on the file /etc/udhcpc/default.script in the International Data Casting (IDC) SFX2100 Satellite Receiver. The file is world-writable despite being root-owned, which allows a local unprivileged attacker to modify it.
Because this script is executed by BusyBox udhcpc when a DHCP lease is obtained, renewed, or lost, an attacker can insert arbitrary commands into the script. This leads to local privilege escalation, enabling the attacker to execute commands with root privileges and maintain persistence on the device.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to gain root-level access on the affected device. This means the attacker can execute arbitrary commands with the highest privileges, potentially compromising the entire system.
Such access can lead to unauthorized control, data manipulation, installation of persistent malware, or disruption of device functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an incorrect permission assignment making the /etc/udhcpc/default.script file world-writable. To detect this on your system, you can check the permissions of this specific file.
- Run the command: ls -l /etc/udhcpc/default.script
- If the file permissions show that it is world-writable (e.g., permissions like -rwxrwxrwx or similar), this indicates the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should correct the permissions of the /etc/udhcpc/default.script file to remove world-writable access.
- Run the command: chmod 755 /etc/udhcpc/default.script
- Ensure the file is owned by root: chown root:root /etc/udhcpc/default.script
These steps will prevent local unprivileged users from modifying the script and executing arbitrary commands with root privileges.