Platform: linux
Fixed in: 2100.0.1
CVE-2026-29121 describes a privilege escalation vulnerability found in the IDC SFX2100 satellite receiver. Due to the /sbin/ip utility being installed with the setuid bit, a local attacker can potentially gain root privileges on the system. This vulnerability affects versions of the SFX2100 up to and including SFX2100. A fix is expected from IDC.
The presence of the /sbin/ip utility with the setuid bit set grants any local user the ability to execute it with root privileges. This allows an attacker to bypass standard access controls and perform actions that would normally be restricted to the root user. Attackers can leverage GTFOBins techniques to perform privileged file reads on the local file system, potentially exfiltrating sensitive data such as configuration files, user credentials, or proprietary information. Further exploitation could involve modifying system files, installing malware, or establishing persistent access to the device.
This vulnerability is currently not listed in the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the GTFOBins resource provides readily available techniques for exploiting setuid binaries. The low EPSS probability score suggests that active exploitation is unlikely in the short term, but the ease of exploitation should be considered. The vulnerability was publicly disclosed on 2026-03-05.
Exploit Status
EPSS: 0.02% (6% percentile)
CISA SSVC
The primary mitigation for CVE-2026-29121 is to upgrade the IDC SFX2100 to a patched version when available. Until a patch is released, administrators should restrict access to the /sbin/ip utility. This can be achieved by modifying file permissions to remove the setuid bit (`chmod 000 /sbin/ip`, which clears every permission bit, not only setuid, and so also stops the utility from being executed) or by implementing access control lists (ACLs) to limit which users can execute the binary. Consider using a Linux firewall (iptables, firewalld) to restrict network access to the SFX2100, limiting potential attack vectors. After applying the mitigation, verify that /sbin/ip no longer executes with root privileges using `ls -l /sbin/ip`; the owner execute position in the mode string should no longer show `s`.
Remove the setuid bit from the `/sbin/ip` binary using the command `chmod -s /sbin/ip`. This will prevent local users from executing the binary with elevated privileges. Alternatively, update the device firmware to a version that does not include the setuid bit on the `/sbin/ip` binary.
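One way to script the check and the `chmod -s` remediation described above, as an added example that is not from IDC or the original advisory. The function names are hypothetical, and it assumes a POSIX shell with `find` and `chmod` available on the device.

```shell
#!/bin/sh
# Added example (not vendor code): audit and clear setuid/setgid on a binary.
# Function names are hypothetical. POSIX test/find/chmod only.

# is_privileged FILE: succeeds if FILE has the setuid or setgid bit set.
is_privileged() {
    [ -u "$1" ] || [ -g "$1" ]
}

# list_setuid DIR...: print regular files under DIR that carry either bit,
# so other unexpected setuid binaries show up next to /sbin/ip.
list_setuid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# strip_setuid FILE: clear only the setuid/setgid bits and verify the result.
# The read/execute bits stay, so the utility keeps working unprivileged.
# chmod follows symlinks: if FILE is a link, the link target is changed.
strip_setuid() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    is_privileged "$f" || { echo "clean: $f"; return 0; }
    chmod u-s,g-s "$f" || return 1
    if is_privileged "$f"; then
        echo "still setuid/setgid: $f" >&2
        return 1
    fi
    echo "fixed: $f"
}

# Run as root on the device, e.g.: sh fix-setuid.sh /sbin/ip
# With no arguments the script only defines the functions.
for target in "$@"; do
    strip_setuid "$target" || exit 1
done
```

Running `list_setuid /sbin /bin /usr` before and after the change gives a record of which binaries carried the bit.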
CVE-2026-29121 is a privilege escalation vulnerability affecting IDC SFX2100 satellite receivers. The /sbin/ip utility has the setuid bit set, allowing local users to gain root privileges.
If you are using an IDC SFX2100 satellite receiver with a version ≤SFX2100, you are potentially affected by this vulnerability. Check your device version against the affected range.
The recommended fix is to upgrade to a patched version of the IDC SFX2100 when available. As a temporary mitigation, restrict access to the /sbin/ip utility by removing the setuid bit or implementing access control lists.
There are currently no reports of active exploitation of CVE-2026-29121, but the ease of exploitation warrants attention and proactive mitigation.
Please refer to the IDC website or contact IDC support for the official advisory regarding CVE-2026-29121.