Plataforma
linux
Corregido en
2100.0.1
CVE-2026-29121 describes a privilege escalation vulnerability found in the IDC SFX2100 satellite receiver. Due to the /sbin/ip utility being installed with the setuid bit, a local attacker can potentially gain root privileges on the system. This vulnerability affects versions of the SFX2100 up to and including SFX2100. A fix is expected from IDC.
The presence of the /sbin/ip utility with the setuid bit set grants any local user the ability to execute it with root privileges. This allows an attacker to bypass standard access controls and perform actions that would normally be restricted to the root user. Attackers can leverage GTFObins techniques to perform privileged file reads on the local file system, potentially exfiltrating sensitive data such as configuration files, user credentials, or proprietary information. Further exploitation could involve modifying system files, installing malware, or establishing persistent access to the device.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the GTFObins resource provides readily available techniques for exploiting setuid binaries. The low probability score suggests that active exploitation is unlikely in the short term, but the ease of exploitation should be considered. The vulnerability was publicly disclosed on 2026-03-05.
Organizations utilizing IDC SFX2100 satellite receivers, particularly those with limited access controls or those running the device in environments with untrusted local users, are at risk. Shared hosting environments where multiple users have access to the underlying operating system are also particularly vulnerable.
• linux / server:
find / -perm +4000 -type f 2>/dev/null | grep ip• linux / server:
journalctl -xe | grep '/sbin/ip'• linux / server:
lsof /sbin/ipdisclosure
Estado del Exploit
EPSS
0.02% (6% percentil)
CISA SSVC
The primary mitigation for CVE-2026-29121 is to upgrade the IDC SFX2100 to a patched version when available. Until a patch is released, administrators should restrict access to the /sbin/ip utility. This can be achieved by modifying file permissions to remove the setuid bit (chmod 000 /sbin/ip) or by implementing access control lists (ACLs) to limit which users can execute the binary. Consider using a Linux firewall (iptables, firewalld) to restrict network access to the SFX2100, limiting potential attack vectors. After applying the mitigation, verify that /sbin/ip no longer executes with root privileges using ls -l /sbin/ip.
Retire el bit setuid del binario `/sbin/ip` usando el comando `chmod -s /sbin/ip`. Esto evitará que los usuarios locales ejecuten el binario con privilegios elevados. Alternativamente, actualice el firmware del dispositivo a una versión que no incluya el bit setuid en el binario `/sbin/ip`.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2026-29121 is a privilege escalation vulnerability affecting IDC SFX2100 satellite receivers. The /sbin/ip utility has the setuid bit set, allowing local users to gain root privileges.
If you are using an IDC SFX2100 satellite receiver with a version ≤SFX2100, you are potentially affected by this vulnerability. Check your device version against the affected range.
The recommended fix is to upgrade to a patched version of the IDC SFX2100 when available. As a temporary mitigation, restrict access to the /sbin/ip utility by removing the setuid bit or implementing access control lists.
There are currently no reports of active exploitation of CVE-2026-29121, but the ease of exploitation warrants attention and proactive mitigation.
Please refer to the IDC website or contact IDC support for the official advisory regarding CVE-2026-29121.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.