DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-29126

High

Low Medium High Critical

7.8

CVSS Score

Published: Mar 05, 2026

Last Modified: Mar 11, 2026

CWE: CWE-732

Vulnerability Description

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

1 configuration(s) from 1 vendor(s)

sfx2100_firmware

Version:

CPE:

cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*

This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class