Description
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root
Published: 2026-03-05
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Update
AI Analysis

Impact

The vulnerability arises from several SUID root binaries located in the /home/monitor directories of the International Datacasting SFX2100 satellite receiver. Because these executables run with root privileges, any local user who can log in as monitor can execute them and thereby gain root access, bypassing normal access controls. This is a classic privilege‑escalation flaw (CWE‑269).

Affected Systems

The affected product is the International Datacasting Corporation SFX2100 Satellite Receiver, including its firmware. All installations that contain the monitor home directory with the listed binaries are vulnerable.

Risk and Exploitability

The CVSS score of 8.6 classifies this as a high‑severity issue. The EPSS score is less than 1 %, indicating a low but nonzero likelihood of exploitation. The flaw requires local access to the monitor account, so the attack vector is local. It is inferred that the attacker must have some type of access that enables them to log in as monitor, but this is not explicitly stated in the CVE data. The vulnerability is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 17, 2026 at 12:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update from International Datacasting that removes or secures the SUID binaries.
  • If no update is available, use chmod u‑s on the affected binaries to remove the SUID flag and change ownership to a non‑root user.
  • Restrict or disable the monitor user account, or restrict external access to the /home/monitor directory to prevent local execution of these binaries.

Generated by OpenCVE AI on April 17, 2026 at 12:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*
cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*
Vendors & Products Datacast
Datacast sfx2100
Datacast sfx2100 Firmware
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared International Datacasting Corporation
International Datacasting Corporation sfx2100 Satellite Receiver
Vendors & Products International Datacasting Corporation
International Datacasting Corporation sfx2100 Satellite Receiver

Thu, 05 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 05 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
References

Thu, 05 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root
Title Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation
Weaknesses CWE-269
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}

Subscriptions

Datacast Sfx2100 Sfx2100 Firmware
International Datacasting Corporation Sfx2100 Satellite Receiver
cve-icon MITRE

Status: PUBLISHED

Assigner: Gridware

Published:

Updated: 2026-03-05T16:38:43.548Z

Reserved: 2026-03-04T07:53:45.786Z

Link: CVE-2026-29124

cve-icon Vulnrichment

Updated: 2026-03-05T16:38:40.633Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T02:16:51.687

Modified: 2026-03-11T18:35:30.130

Link: CVE-2026-29124

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:00:12Z

Weaknesses