CVE-2026-29126
World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.
| CWE | CWE-732 |
| Vendor | international datacasting corporation |
| Product | sfx2100 satellite receiver |
| Published | Mar 5, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for international datacasting corporation sfx2100 satellite receiver
Be the first to know when new unknown vulnerabilities affecting international datacasting corporation sfx2100 satellite receiver are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
International Datacasting Corporation / SFX2100 Satellite Receiver
SFX2100
References
Credits
Abdul Mhanni