CVE-2026-29122

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gtfobins.org/gtfobins/date/	Exploit
https://www.abdulmhsblog.com/posts/sfx2100-vulns/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-05 02:16

Updated : 2026-03-11 18:35

NVD link : CVE-2026-29122

Mitre link : CVE-2026-29122

CVE.ORG link : CVE-2026-29122

JSON object : View

Products Affected

datacast

sfx2100_firmware
sfx2100

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2026-29122", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-05T02:16:51.373", "references": [{"url": "https://gtfobins.org/gtfobins/date/", "tags": ["Exploit"], "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}, {"url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/", "tags": ["Exploit", "Third Party Advisory"], "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date`\u00a0utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files."}, {"lang": "es", "value": "El receptor de sat\u00e9lite International Data Casting (IDC) SFX2100 viene con la utilidad `/bin/date` instalada con el bit setuid establecido. Esta configuraci\u00f3n otorga privilegios elevados a cualquier usuario local que pueda ejecutar el binario. Un actor local puede usar el recurso GTFObins para realizar lecturas de archivos privilegiadas como el usuario root en el sistema de archivos local. Esto permite a un actor poder leer cualquier archivo de solo lectura de root, como el archivo /etc /shadow u otros archivos que contienen configuraci\u00f3n o secretos."}], "lastModified": "2026-03-11T18:35:46.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C57B6A9-CAF9-4C8A-85FC-562E16F291FE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A3BC5C9-39D5-4908-B470-A46E9ECFD6AB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}