Description
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.
Published: 2026-03-05
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation via a world‑writable root‑owned script that runs with root privileges when a DHCP lease event occurs
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from an incorrectly permissioned file, /etc/udhcpc/default.script, on the International Datacasting Corporation SFX2100 Satellite Receiver. The script is both root‑owned and world‑writable, allowing a local unprivileged user to modify it with arbitrary content. When a DHCP lease event occurs, the altered script is executed with root privileges, enabling the attacker to run arbitrary commands and achieve local privilege escalation and persistence. This is a classic permission error (CWE‑732) compounded by a design flaw in a privileged component (CWE‑863).

Affected Systems

The vulnerability affects the International Datacasting Corporation SFX2100 Satellite Receiver device. No specific firmware or software version is listed, so any installation that runs the default udhcpc script is potentially impacted.

Risk and Exploitability

The CVSS score of 8.5 rates the vulnerability as high severity, while the EPSS score is below 1%, indicating a low estimated likelihood of exploitation. The CVE is not listed in the CISA KEV catalog. The flaw is a local one, requiring the attacker to have physical or network access to the device to modify files and trigger DHCP lease events. A successful attack escalates to root, granting full control over the device.

Generated by OpenCVE AI on April 16, 2026 at 12:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from International Datacasting that secures /etc/udhcpc/default.script permissions.
  • Change the script file ownership to root and adjust permissions to 600 so that it is no longer world‑writable.
  • Disable the udhcpc DHCP client or configure the device to use a static IP until the permission fix is confirmed.

Generated by OpenCVE AI on April 16, 2026 at 12:58 UTC.
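
An audit check for the condition described above, as an added example (not code from OpenCVE, the vendor or the CVE record): it flags a hook script, or the directory holding it, that is not owned by root or is group- or world-writable. The function name `audit_hook` and its output format are assumptions; it relies on a `stat` that supports `-L` and `-c`, as GNU coreutils and BusyBox builds with format support do.

```shell
#!/bin/sh
# Added example: audit a root-executed hook script (such as the udhcpc
# event script) for unsafe ownership or write permissions.

# audit_hook PATH [EXPECTED_UID]
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if PATH does not exist.
audit_hook() {
    path=$1
    want_uid=${2:-0}   # root unless overridden (the override exists for testing)
    findings=0

    [ -e "$path" ] || { echo "MISSING $path"; return 2; }

    # Check the script and the directory holding it: a writable directory
    # lets a user replace the script even when the file mode itself is tight.
    for target in "$path" "$(dirname "$path")"; do
        # -L follows symlinks so the mode reported is that of the real file.
        mode=$(stat -L -c '%a' "$target")
        uid=$(stat -L -c '%u' "$target")

        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $target uid=$uid expected=$want_uid"
            findings=$((findings + 1))
        fi

        # 022 (octal) = group-write | other-write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $target mode=$mode"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# When run with arguments, audit the given path, for example:
#   sh audit_hook.sh /etc/udhcpc/default.script
if [ "$#" -gt 0 ]; then
    audit_hook "$@"
fi
```

A non-zero exit status makes the check usable from a cron job or a configuration-compliance scan.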

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Datacast; Datacast sfx2100; Datacast sfx2100 Firmware |
| Weaknesses | | CWE-863 |
| CPEs | | `cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*`; `cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*` |
| Vendors & Products | | Datacast; Datacast sfx2100; Datacast sfx2100 Firmware |
| Metrics | | cvssV3_1: `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


Fri, 06 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | International Datacasting Corporation; International Datacasting Corporation sfx2100 Satellite Receiver |
| Vendors & Products | | International Datacasting Corporation; International Datacasting Corporation sfx2100 Satellite Receiver |

Thu, 05 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Thu, 05 Mar 2026 06:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |

Thu, 05 Mar 2026 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |

Thu, 05 Mar 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. |
| Title | | World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE |
| Weaknesses | | CWE-732 |
| References | | |
| Metrics | | cvssV4_0: `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H/AU:N/R:U'}` |


Subscriptions

Datacast Sfx2100 Sfx2100 Firmware
International Datacasting Corporation Sfx2100 Satellite Receiver

MITRE

Status: PUBLISHED

Assigner: Gridware

Published:

Updated: 2026-03-05T16:59:33.634Z

Reserved: 2026-03-04T07:53:45.786Z

Link: CVE-2026-29126

Vulnrichment

Updated: 2026-03-05T16:59:28.712Z

NVD

Status: Analyzed

Published: 2026-03-05T02:16:51.993

Modified: 2026-03-11T18:34:00.420

Link: CVE-2026-29126

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:00:11Z

Weaknesses