CVE-2026-29127
Received Received - Intake
Insecure File Permissions in IDC SFX2100 Enable Local Privilege Escalation

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Gridware

Description
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29127
EUVD
EUVD-2026-9523
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datacast sfx2100_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should immediately restrict the permissions on the monitor user's home directory to prevent all users from having read, write, and execute access.

  • Change the directory permissions from 0777 to a more restrictive setting such as 0700 using the command: chmod 700 /home/monitor
  • Verify that only the intended user and privileged processes have access to the directory.
  • Review and monitor the system for any signs of local privilege escalation attempts.
Executive Summary

The vulnerability in the IDC SFX2100 Satellite Receiver involves overly permissive file system permissions set on the monitor user's home directory.

Specifically, the directory is configured with permissions 0777, which means that all local users on the system have read, write, and execute access to it.

Because highly privileged processes and binaries reside within this directory, this misconfiguration may allow local users to escalate their privileges depending on the system conditions.

Impact Analysis

This vulnerability can lead to local privilege escalation, where a user with limited permissions could gain higher privileges on the system.

Such an escalation could allow unauthorized users to execute privileged operations, potentially compromising the security and integrity of the system.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves overly permissive file system permissions (0777) on the monitor user's home directory in the IDC SFX2100 Satellite Receiver. To detect this on your system, you can check the permissions of the relevant user's home directory.

  • Use the command: ls -ld /home/monitor (replace /home/monitor with the actual path if different) to view the directory permissions.
  • Look for permissions showing rwxrwxrwx (0777), which means read, write, and execute access for all users.
  • You can also use find to locate directories with 0777 permissions, for example: find /path/to/search -type d -perm 0777
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart