Description
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.
Published: 2026-02-17
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists because the RBG-100 recycler system includes executable binaries that are writable by unprivileged local users while being run by the root account. This file permission flaw allows an attacker with local access to replace or modify these binaries, which then execute with root privileges, enabling arbitrary command execution as root. The weakness maps to CWE-732 (Incorrect Permission Assignment for Critical Resource).

Affected Systems

Glory Global Solutions’ RBG-100 recycler systems that run the ISPK-08 software component are affected. No specific version numbers are cited, but all installations of this model that use the mentioned component are potentially impacted.

Risk and Exploitability

The CVSS score of 8.5 reflects high severity. The EPSS score of less than 1% indicates that, at the time of this analysis, the estimated probability of exploitation is very low, and the vulnerability is not listed in the CISA KEV catalog, so there is no record of it being actively exploited in the wild. However, the attack is local: any user who gains physical or local access to the device, even with an unprivileged account, can exploit the flaw and escalate privileges to root. The combination of a high CVSS score and a low EPSS score suggests that while current exploitation risk is modest, the impact is significant enough to warrant timely remediation.

Generated by OpenCVE AI on April 17, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware or software update from Glory Global Solutions that fixes the incorrect file permissions on root‑executed binaries.
  • Manually set the permissions of all binaries that run as root to be owned by root with mode 700, ensuring they are not writable by non‑privileged users.
  • Deploy a file integrity monitoring solution on the recycler to detect unauthorized modifications to critical binaries and alert administrators.
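
One way to check and apply the permission recommendation above, as an added example that is not part of the OpenCVE record or the vendor's software. It flags writable or wrongly owned files and writable parent directories, then sets mode 700; the directory passed in is an assumption, since the record names no file paths.

```shell
#!/bin/sh
# Added example: audit and fix CWE-732 conditions on root-executed binaries.
# The directory argument is an assumption; the advisory names no file paths.

# audit_binaries DIR [OWNER_UID]  -> prints "<finding> <path>", one per line.
audit_binaries() {
    dir=$1
    owner=${2:-0}    # expected owner, root (uid 0) by default
    # Group- or world-writable files can be modified in place.
    find "$dir" -type f \( -perm -0020 -o -perm -0002 \) -print | sed 's/^/writable /'
    # A file owned by another account can be rewritten by that account.
    find "$dir" -type f ! -user "$owner" -print | sed 's/^/owner /'
    # A writable directory without the sticky bit allows replacing a file
    # by rename even when the file itself is mode 700.
    find "$dir" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print |
        sed 's/^/dir-writable /'
}

# harden_binaries DIR [OWNER_UID]  -> applies the mode 700 recommendation.
harden_binaries() {
    dir=$1
    owner=${2:-0}
    find "$dir" -type f -exec chmod 700 {} +
    find "$dir" -type d -exec chmod go-w {} +
    # Changing ownership requires root; skipped otherwise.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir"
    fi
}

# Constructed demo: a scratch directory standing in for the device's binary directory.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/service"
chmod 777 "$demo/service"
echo "before:"; audit_binaries "$demo" "$(id -u)"
harden_binaries "$demo" "$(id -u)"
echo "after:"; audit_binaries "$demo" "$(id -u)"
rm -rf "$demo"
```

On a real device the owner argument is left at its default of 0, and an empty audit result after hardening is the baseline a file integrity monitor would then watch.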



Advisories

No advisories yet.

History

Wed, 18 Feb 2026 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Glory Global Solutions; Glory Global Solutions rbg-100
Vendors & Products | | Glory Global Solutions; Glory Global Solutions rbg-100

Tue, 17 Feb 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Feb 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.
Title | | Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions
Weaknesses | | CWE-732
References | |
Metrics | | cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-18T15:34:29.775Z

Reserved: 2026-01-14T16:55:09.103Z

Link: CVE-2026-23648

Vulnrichment

Updated: 2026-02-17T19:49:05.959Z

NVD

Status: Deferred

Published: 2026-02-17T17:21:05.193

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23648

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z
