CVE-2026-29124
Published: 05 March 2026
Summary
CVE-2026-29124 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Datacast Sfx2100 Firmware. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at percentile 2.1 by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2026-29124 is a local privilege escalation vulnerability in the International Data Casting (IDC) SFX2100 Satellite Receiver. It stems from multiple SUID root-owned binaries located in directories such as /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2. These binaries allow improper elevation of privileges from the `monitor` user to root, associated with CWE-269 (Improper Privilege Management). The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-05.
An attacker with local access and low privileges, specifically as the `monitor` user, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation grants root-level privileges, enabling high-impact compromise of confidentiality, integrity, and availability on the affected system.
Mitigation details are available in the referenced advisory at https://www.abdulmhsblog.com/posts/sfx2100-vulns/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9516
Vulnerability details
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privilege escalation from the `monitor` user to root.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local privilege escalation vulnerability in SUID root binaries directly enables exploitation for privilege escalation from monitor user to root (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
AC-6 enforces the principle of least privilege, directly preventing the deployment and use of unnecessary SUID root-owned binaries that enable privilege escalation from the monitor user to root.
CM-7 implements least functionality by configuring systems to disable or prohibit non-essential SUID binaries in user-accessible directories like /home/monitor, mitigating local privilege escalation.
CM-6 requires secure baseline configuration settings, such as removing SUID bits from root-owned binaries in vulnerable paths, to prevent exploitation for root privilege escalation.
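The CM-6 and CM-7 controls above come down to finding and clearing the setuid bit in the four directories named in the vulnerability details. The script below is an added example, not code from the vendor or the referenced advisory: it lists root-owned setuid files in those paths and, as a separate step, clears the bit. The function names are hypothetical, and this page does not say whether the receiver depends on any of these binaries running as root, so verify on a test unit before stripping.

```shell
#!/bin/sh
# Added example: audit and remediate setuid files in the directories
# listed for CVE-2026-29124. Function names are illustrative assumptions.

# Directories taken from the vulnerability details on this page.
SFX_DIRS="/home/monitor/terminal /home/monitor/kore-terminal /home/monitor/IDE-DPack/terminal-dpack /home/monitor/IDE-DPack/terminal-dpack2"

# list_suid OWNER DIR...
# Print every regular file under DIR that is owned by OWNER (name or
# numeric uid) and has the setuid bit (mode 4000) set.
# Directories that do not exist are skipped silently.
list_suid() {
    owner=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -type f -user "$owner" -perm -4000 -print
    done
}

# strip_suid OWNER DIR...
# Clear the setuid bit on the same set of files, printing each path that
# is changed. Other permission bits and ownership are left untouched.
# Must run as root (or as the file owner) for chmod to succeed.
strip_suid() {
    owner=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -type f -user "$owner" -perm -4000 \
            -print -exec chmod u-s {} +
    done
}

# Default action: report only. uid 0 is root.
# SFX_DIRS is deliberately unquoted so it splits into one path per word.
list_suid 0 $SFX_DIRS

# To remediate after review, run as root:
#   strip_suid 0 $SFX_DIRS
```

Running the report again after `strip_suid` should print nothing; any path that reappears after a reboot or firmware update indicates the baseline is being reset and the change needs to be applied in the image or startup configuration.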