Cyber Posture

CVE-2026-29123

High · Public PoC · LPE

Published: 05 March 2026
Modified: 11 March 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-29123 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 3 other techniques.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

AC-6 enforces least privilege by restricting SUID root binaries to only necessary privileges, directly preventing local privilege escalation via exploitation of the vulnerable XDTerminal binary.

prevent

CM-7 prohibits or restricts unnecessary functionality such as risky SUID root binaries, mitigating execution of the vulnerable XDTerminal and associated escalation risks.

prevent

CM-6 mandates secure configuration settings like absolute paths, noexec mounts, and restricted library paths to block PATH hijacking, symlink abuse, and shared object hijacking in the SUID binary.
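One way to inventory SUID root binaries for the AC-6 and CM-7 reviews described above, as an added example that is not part of the original page or any vendor tooling: it flags setuid-root files that sit outside standard system directories (as the `/home/xd/terminal/XDTerminal` path in this CVE does) or in loosely permissioned locations. The `audit_suid` name and the `TRUSTED_DIRS` allow-list are assumptions to adapt per host.

```python
import os
import stat

# Assumption: directories where SUID root binaries are expected on a typical Linux host.
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/usr/lib", "/usr/libexec", "/bin", "/sbin")
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_suid(root="/", owner_uid=0, trusted_dirs=TRUSTED_DIRS):
    """Return [(path, [reasons])] for setuid files owned by owner_uid that need review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)       # lstat: inspect the entry itself, not a link target
                parent = os.stat(dirpath)
            except OSError:
                continue                  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            reasons = []
            if not any(path.startswith(d.rstrip("/") + "/") for d in trusted_dirs):
                reasons.append("outside trusted system directories")
            if st.st_mode & LOOSE_WRITE:
                reasons.append("binary is group- or world-writable")
            if parent.st_uid != owner_uid or parent.st_mode & LOOSE_WRITE:
                reasons.append("parent directory is modifiable by a non-owner")
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Review each finding: remove the setuid bit where it is not required (AC-6, CM-7).
    for path, reasons in audit_suid("/"):
        print(f"{path}: {'; '.join(reasons)}")
```
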

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1548.001 Setuid and Setgid · Privilege Escalation
An adversary may abuse configurations where an application has the setuid or setgid bits set in order to get code running in a different (and possibly more privileged) user’s context.

T1574.006 Dynamic Linker Hijacking · Stealth
Adversaries may execute their own malicious payloads by hijacking environment variables the dynamic linker uses to load shared libraries.

T1574.007 Path Interception by PATH Environment Variable · Stealth
Adversaries may execute their own malicious payloads by hijacking environment variables used to load libraries.

Why these techniques?

The SUID binary vulnerability directly enables local root privilege escalation (T1068, T1548.001) via PATH hijacking (T1574.007), shared object/dynamic linker hijacking (T1574.006), and symlink abuse.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially perform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.

Deeper analysis · AI

CVE-2026-29123 affects a SUID root-owned binary located at /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux systems. Published on 2026-03-05T02:16:51.530, the vulnerability enables potential local privilege escalation when the affected binary is executed, depending on system conditions. It is exploitable through techniques such as PATH hijacking, symlink abuse, or shared object hijacking, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and is linked to CWE-269 (Improper Privilege Management) and NVD-CWE-noinfo.

A local attacker with low privileges (PR:L) can exploit this vulnerability without user interaction (UI:N) and with low complexity (AC:L). Successful exploitation allows elevation to root privileges, resulting in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Mitigation details are referenced in the advisory at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.

Details

CWE(s)

Affected Products

datacast
sfx2100 firmware
all versions

CVEs Like This One

CVE-2026-29121 · Same product: Datacast Sfx2100
CVE-2026-29124 · Same product: Datacast Sfx2100
CVE-2026-29127 · Same product: Datacast Sfx2100
CVE-2026-28770 · Same product: Datacast Sfx2100
CVE-2026-29126 · Same product: Datacast Sfx2100
CVE-2026-28774 · Same product: Datacast Sfx2100
CVE-2026-28778 · Same product: Datacast Sfx2100
CVE-2026-28773 · Same product: Datacast Sfx2100
CVE-2026-28776 · Same product: Datacast Sfx2100
CVE-2026-29119 · Same product: Datacast Sfx2100
