{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:15:57.538","vulnerabilities":[{"cve":{"id":"CVE-2026-29121","sourceIdentifier":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","published":"2026-03-05T01:15:51.057","lastModified":"2026-03-11T18:35:55.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions."},{"lang":"es","value":"El receptor de satélite International Data Casting (IDC) SFX2100 viene con la utilidad `/sbin/ip` instalada con el bit setuid establecido. Esta configuración otorga privilegios elevados a cualquier usuario local que pueda ejecutar el binario. Un actor local puede usar el recurso GTFObins para realizar lecturas de archivos privilegiadas como el usuario root en el sistema de archivos local y puede potencialmente conducir a otras vías para realizar acciones privilegiadas."}],"metrics":{"cvssMetricV40":[{"source":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C57B6A9-CAF9-4C8A-85FC-562E16F291FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*","matchCriteriaId":"2A3BC5C9-39D5-4908-B470-A46E9ECFD6AB"}]}]}],"references":[{"url":"https://gtfobins.org/gtfobins/ip/","source":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","tags":["Exploit"]},{"url":"https://www.abdulmhsblog.com/posts/sfx2100-vulns/","source":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","tags":["Exploit","Third Party Advisory"]}]}}]}