The vulnerability identified as CVE-2026-29125 affects the International Datacasting Corporation SFX2100 Satellite Receiver. It stems from an incorrect permission assignment (CWE-732) where the critical system file /etc/resolv.conf is set to be world-writable by any local user. The /etc/resolv.conf file controls DNS resolver configuration on Unix-like systems, determining how domain names are resolved to IP addresses. By allowing any local user to modify this file, an attacker with low-level local access can alter DNS settings to redirect network traffic to malicious servers. This can lead to man-in-the-middle (MitM) attacks, interception or manipulation of data, and denial of service (DoS) by disrupting name resolution. The vulnerability requires local access but no user interaction, and the complexity of exploitation is high due to the need for local privileges. The CVSS 4.0 score of 7.1 reflects a high severity, with significant impact on confidentiality, integrity, and availability, though the attack vector is local and requires privileges. No patches or known exploits are currently reported, but the risk remains substantial given the critical role of DNS in network communications. The vulnerability is particularly concerning in satellite communication environments where the SFX2100 is deployed, as compromised DNS can affect command and control, data transmission, and operational reliability.

This vulnerability can have severe consequences for organizations relying on the SFX2100 Satellite Receiver. By enabling unauthorized modification of DNS resolver settings, attackers can redirect sensitive communications to malicious endpoints, potentially capturing or altering data in transit. This undermines confidentiality and integrity of communications. Additionally, DNS tampering can disrupt normal network operations, causing denial of service and impacting availability of satellite communication services. Given the critical nature of satellite receivers in broadcasting, emergency communications, and data distribution, exploitation could lead to operational disruptions, loss of trust, and potential cascading failures in dependent systems. The requirement for local access limits remote exploitation but insider threats or compromised local accounts can leverage this vulnerability. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in high-value or targeted environments.

Organizations should immediately review and restrict permissions on the /etc/resolv.conf file on all SFX2100 devices, ensuring it is writable only by privileged system users (e.g., root). Implement strict access controls and audit local user permissions to prevent unauthorized modification. If possible, isolate the satellite receivers within secure network segments to limit local access. Employ monitoring solutions to detect unexpected changes to critical configuration files like /etc/resolv.conf. Since no official patch is currently available, consider vendor engagement for updates or firmware fixes. Additionally, implement DNS security measures such as DNSSEC and network-level filtering to detect and mitigate DNS tampering attempts. Regularly review and harden device configurations and maintain strict operational security to reduce the risk of local privilege escalation that could lead to exploitation.