CVE-2026-29126
Received Received - Intake
World-Writable Script in IDC SFX2100 Enables Root Privilege Escalation

Publication date: 2026-03-05

Last updated on: 2026-03-11

Assigner: Gridware

Description
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29126
EUVD
EUVD-2026-9518
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datacast sfx2100_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves incorrect permission assignment on the file /etc/udhcpc/default.script in the International Data Casting (IDC) SFX2100 Satellite Receiver. The file is world-writable despite being root-owned, which allows a local unprivileged attacker to modify it.

Because this script is executed by BusyBox udhcpc when a DHCP lease is obtained, renewed, or lost, an attacker can insert arbitrary commands into the script. This leads to local privilege escalation, enabling the attacker to execute commands with root privileges and maintain persistence on the device.

Impact Analysis

The vulnerability can allow a local attacker to gain root-level access on the affected device. This means the attacker can execute arbitrary commands with the highest privileges, potentially compromising the entire system.

Such access can lead to unauthorized control, data manipulation, installation of persistent malware, or disruption of device functionality.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves an incorrect permission assignment making the /etc/udhcpc/default.script file world-writable. To detect this on your system, you can check the permissions of this specific file.

  • Run the command: ls -l /etc/udhcpc/default.script
  • If the file permissions show that it is world-writable (e.g., permissions like -rwxrwxrwx or similar), this indicates the vulnerability is present.
Mitigation Strategies

To mitigate this vulnerability, you should correct the permissions of the /etc/udhcpc/default.script file to remove world-writable access.

  • Run the command: chmod 755 /etc/udhcpc/default.script
  • Ensure the file is owned by root: chown root:root /etc/udhcpc/default.script

These steps will prevent local unprivileged users from modifying the script and executing arbitrary commands with root privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29126. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart