CVE-2026-29123: CWE-269 Improper Privilege Management in International Datacasting Corporation SFX2100 Satellite Receiver
CVE-2026-29123 is a high-severity local privilege escalation vulnerability in the International Datacasting Corporation SFX2100 Satellite Receiver running on Linux. The issue arises from a SUID root-owned binary located at /home/xd/terminal/XDTerminal, which can be exploited by a local attacker through techniques such as PATH hijacking, symlink abuse, or shared object hijacking. Exploitation allows an attacker with limited privileges to escalate to root, potentially compromising system confidentiality, integrity, and availability. The vulnerability requires local access and partial privileges but no user interaction. No known exploits are currently reported in the wild. Organizations using the SFX2100 device should prioritize patching or mitigating this vulnerability to prevent unauthorized root access.
AI Analysis
Technical Summary
CVE-2026-29123 is a vulnerability classified under CWE-269 (Improper Privilege Management) affecting the International Datacasting Corporation SFX2100 Satellite Receiver running Linux. The root cause is a SUID (Set User ID) binary named XDTerminal located at /home/xd/terminal/, which is owned by root and therefore runs with root privileges regardless of which user launches it. This binary improperly manages its execution environment, allowing local attackers to exploit common privilege escalation techniques such as PATH hijacking (manipulating the search path to execute malicious binaries), symlink abuse (creating symbolic links to redirect file operations), and shared object hijacking (loading malicious shared libraries). These exploitation methods can lead to arbitrary code execution with root privileges. The vulnerability requires the attacker to have local access with limited privileges (PR:L), and the CVSS 4.0 Attack Requirements metric is Present (AT:P), meaning a successful attack depends on specific deployment and execution conditions of the vulnerable system. The CVSS 4.0 base score is 8.6, indicating high severity, with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of the SFX2100 product. No patches or exploit code are currently publicly available, and no known exploits in the wild have been reported. This vulnerability is particularly significant for environments where the SFX2100 device is deployed in sensitive or critical infrastructure contexts.
Potential Impact
The primary impact of CVE-2026-29123 is local privilege escalation, allowing an attacker with limited user privileges on the SFX2100 device to gain root-level access. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of critical system files, disruption of satellite receiver operations, and potential pivoting to other networked systems. Given the device’s role in satellite data broadcasting, exploitation could disrupt communication services or data integrity in critical infrastructure sectors such as broadcasting, emergency services, and government communications. The vulnerability’s high severity and ease of exploitation via common techniques increase the risk of insider threats or attackers who have gained limited access through other means. Organizations relying on the SFX2100 for data transmission or reception may face operational downtime, data breaches, or loss of trust if this vulnerability is exploited.
Mitigation Recommendations
To mitigate CVE-2026-29123, organizations should first check for and apply any vendor-provided patches or updates from International Datacasting Corporation as they become available. In the absence of patches, immediate mitigation steps include:
1) Restrict local access to the SFX2100 device to trusted personnel only, minimizing the risk of local exploitation.
2) Audit and harden the environment where the SUID binary resides by removing or restricting write permissions on directories and files in the execution path to prevent PATH hijacking and symlink abuse.
3) Use filesystem integrity monitoring to detect unauthorized changes to the /home/xd/terminal/ directory and the XDTerminal binary.
4) Employ mandatory access controls (e.g., SELinux or AppArmor) to confine the execution of the SUID binary and limit its ability to load untrusted shared objects.
5) Monitor system logs for suspicious activity related to the execution of the XDTerminal binary or attempts to manipulate environment variables.
6) Consider isolating or segmenting the device network to reduce the impact of a compromised device.
7) Educate administrators and users about the risks of local privilege escalation and enforce strong authentication and access policies.
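One way to carry out the audit in step 2, as an added example that is not vendor code or part of the original advisory: the hypothetical function `audit_suid_path` walks from the SUID binary up to `/` and reports every path component that is a symlink, is group- or world-writable, or is not owned by the trusted UID. It assumes GNU `stat` and `find`, as found on a typical Linux system.

```shell
#!/bin/sh
# Added example (not vendor code): audit a SUID binary and every directory above it.
# Usage: audit_suid_path /home/xd/terminal/XDTerminal [trusted_uid]
#   trusted_uid defaults to 0 (root). Requires GNU stat and find (assumption).
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_suid_path() {
    bin=$1
    trusted=${2:-0}
    findings=0

    report() { printf '%s %s\n' "$1" "$2"; findings=$((findings + 1)); }

    case "$bin" in
        /*) ;;
        *) echo "ERROR absolute path required"; return 2 ;;
    esac
    [ -e "$bin" ] || { echo "MISSING $bin"; return 2; }

    # Informational: confirm the setuid bit the advisory describes.
    [ -u "$bin" ] && echo "SETUID $bin"

    p=$bin
    while :; do
        # Any component owned by a non-trusted user can be replaced by that user.
        owner=$(stat -c %u "$p")
        [ "$owner" = "$trusted" ] || report UNTRUSTED_OWNER "$p (uid $owner)"

        if [ -L "$p" ]; then
            # A symlink in the path can be re-pointed by whoever owns its parent.
            report SYMLINK "$p"
        elif [ -n "$(find "$p" -maxdepth 0 -perm /022)" ]; then
            # Group- or world-writable: entries below can be swapped or renamed.
            report WRITABLE "$p"
        fi

        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done

    [ "$findings" -eq 0 ]
}
```

Any `UNTRUSTED_OWNER` or `WRITABLE` line for a directory above the binary identifies a location where the write permissions named in step 2 still need to be removed.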
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, Japan, South Korea, India, Israel
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gridware
- Date Reserved: 2026-03-04T07:53:45.786Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a8dd5dd1a09e29cb9d46b2
Added to database: 3/5/2026, 1:33:17 AM
Last enriched: 3/5/2026, 1:47:33 AM
Last updated: 3/5/2026, 3:42:28 AM
Related Threats
CVE-2026-29127: CWE-269 Improper Privilege Management in International Datacasting Corporation SFX2100 Satellite Receiver (Critical)
CVE-2026-26034: Incorrect default permissions in Dell Inc. UPS Multi-UPS Management Console (MUMC) (High)
CVE-2026-26033: Unquoted search path or element in Dell Inc. UPS Multi-UPS Management Console (MUMC) (Medium)
CVE-2024-57854: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in DOUGDUDE Net::NSCA::Client (High)
CVE-2026-3381: CWE-1395 Dependency on Vulnerable Third-Party Component in PMQS Compress::Raw::Zlib (High)