3 matches found
CVE-2026-29121
International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...
CVE-2026-29125 IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due to world-writable `/etc/resolv.conf`
IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...
CVE-2026-28777
The SFX2100 Satellite Receiver from IDC is affected by a credential issue: a trivial password for the user (usr) account enables remote unauthenticated SSH access. An attacker can land in a restricted shell and trivially spawn a full pty for an interactive shell, leading to high impact on confide...