Local Privilege Escalation Vulnerability in IDC SFX2100 Satellite Receiver
CVE-2026-29124

8.6HIGH

Key Information:

Vendor: International Datacasting Corporation
Status: Sfx2100 Satellite Receiver
Vendor: CVE Published:; 5 March 2026

🔔 Create International Datacasting Corporation Vulnerability Alert

What is CVE-2026-29124?

Multiple SUID root-owned binaries are present in various directories of the IDC SFX2100 Satellite Receiver, specifically in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2. This configuration allows the 'monitor' user to execute these binaries with elevated privileges, potentially allowing attackers to escalate their access from a lower privilege user to root.

Affected Version(s)

SFX2100 Satellite Receiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Abdul Mhanni

CVE-2026-29124 Data

JSON