Filtered by vendor International Datacasting Corporation
Subscriptions
Filtered by product Sfx2100 Satellite Receiver
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29121 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions. | ||||
| CVE-2026-29122 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files. | ||||
| CVE-2026-29123 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking. | ||||
| CVE-2026-29124 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root | ||||
| CVE-2026-29125 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | ||||
| CVE-2026-29126 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | ||||
| CVE-2026-29127 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory. | ||||
| CVE-2026-29128 | 1 International Datacasting Corporation | 1 Sfx2100 Satellite Receiver | 2026-03-06 | N/A |
| IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) contain hardcoded or otherwise insecure plaintext passwords (including “enable”/privileged-mode credentials). A remote actor is able to abuse the reuse/hardcoded nature of these credentials to further access other systems in the network, gain a foothold on the satellite receiver or potentially locally privilege escalate. | ||||
Page 1 of 1.