CVE-2026-29127 CRITICAL

CVE-2026-29127: Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100

Vendor International Datacasting Corporation
Product SFX2100 Satellite Receiver
Weakness CWE-269
Published March 5, 2026
Last update March 5, 2026

CVSS base score

9.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.

Key dates

02Disclosure timeline

March 5, 2026 CVE published
March 5, 2026 Record updated