Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.3
IDC SFX2100 Satellite Receiver: Elevated Privileges via Misconfigured Utility
CVE-2026-29122
Summary
The IDC SFX2100 satellite receiver has a security issue that allows any local user to access sensitive files, such as passwords and configuration settings, by exploiting a misconfigured utility. This is a concern because it could allow unauthorized access to sensitive information. To mitigate this, the setuid bit should be removed from the affected utility to prevent local users from gaining elevated privileges.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| datacast | sfx2100_firmware | All versions | – |
Original title
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who...
Original description
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.
nvd CVSS4.0
8.3
Vulnerability type
CWE-269
Improper Privilege Management
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026