CVE-2026-29126

216.73.216.226

· Published 05/03/2026 02:16 · Modified 05/03/2026 19:38

Labels: CVE-2026-29126 2026-03-05 CVE-2026-29126 CWE-732 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published: 05/03/2026 02:16
Modified: 05/03/2026 19:38
Author: —
Creator: —
CVSS: 8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD: View on NVD

Affected products (CPE)

Product	CPE
international data casting / sfx2100 satellite receiver	`cpe:2.3:a:international_data_casting:sfx2100_satellite_receiver::::::::`