CVE-2026-29126: CWE-732 Incorrect Permission Assignment for Critical Resource in International Datacasting Corporation SFX2100 Satellite Receiver
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost.
AI Analysis
Technical Summary
CVE-2026-29126 is a vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting the International Datacasting Corporation (IDC) SFX2100 Satellite Receiver. The issue stems from the /etc/udhcpc/default.script file, a BusyBox udhcpc DHCP event script, being assigned world-writable permissions. This script is executed with root privileges whenever a DHCP lease is obtained, renewed, or lost. Because the file is world-writable, any local unprivileged user can modify it to include arbitrary commands. When the DHCP client triggers the script, these commands execute with root privileges, resulting in local privilege escalation and persistence on the device. The vulnerability requires local access but no authentication or user interaction, making it relatively easy to exploit if an attacker gains local presence. The CVSS 4.0 score is 8.5 (high), reflecting the significant impact on confidentiality, integrity, and availability, and the ease of exploitation due to low attack complexity and no required privileges. No patches or known exploits have been reported yet, but the vulnerability poses a critical risk to the affected satellite receivers, which are often deployed in sensitive communication environments.
Potential Impact
The vulnerability allows a local attacker to gain root privileges on the IDC SFX2100 Satellite Receiver, compromising the confidentiality, integrity, and availability of the device. With root access, attackers can execute arbitrary commands, modify system configurations, install persistent malware, disrupt satellite communications, or use the device as a foothold for lateral movement within the network. This can lead to interception or manipulation of satellite data streams, disruption of broadcast services, and potential compromise of connected infrastructure. Organizations relying on these satellite receivers for critical communication or data distribution face operational disruptions and increased risk of espionage or sabotage. The impact is particularly severe given the strategic importance of satellite communication in government, defense, and media sectors.
Mitigation Recommendations
1. Immediately audit and correct file permissions on /etc/udhcpc/default.script to restrict write access to root only (e.g., chmod 755 or stricter).
2. Implement file integrity monitoring on critical scripts and configuration files to detect unauthorized changes.
3. Limit local access to trusted personnel and secure physical and remote access channels to the satellite receivers.
4. Employ network segmentation to isolate satellite receivers from general user networks, reducing the risk of local attacker presence.
5. Monitor DHCP lease events and system logs for unusual activity that may indicate exploitation attempts.
6. Engage with IDC for official patches or firmware updates addressing this vulnerability and apply them promptly once available.
7. Consider deploying host-based intrusion detection systems (HIDS) tailored for embedded devices to detect privilege escalation attempts.
8. Review and harden other scripts and binaries with elevated privileges to prevent similar permission misconfigurations.
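One way to script the permission audit in recommendations 1 and 8, as an added example that is not from IDC or the original advisory. The function names `check_entry` and `audit_hook` are hypothetical, `stat -c` support is assumed, and the check goes one step beyond the advisory by also auditing the parent directory, because write access there lets a user replace the script even when the file's own mode is correct.

```shell
#!/bin/sh
# Added example (not vendor code): audit a root-run hook script such as
# /etc/udhcpc/default.script. Assumes stat(1) supports -c '%a %u'
# (GNU coreutils, or a BusyBox build with format support).

# check_entry PATH WANT_UID: print a finding for each unsafe property.
# Returns 0 when clean, 1 when at least one finding was printed.
check_entry() {
    entry=$1; want_uid=$2; bad=0
    info=$(stat -L -c '%a %u' "$entry") || return 1
    mode=${info% *}; uid=${info#* }
    # Last octal digit = "other" bits, second to last = "group" bits.
    other=$((mode % 10)); group=$((mode / 10 % 10))
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $entry uid=$uid expected=$want_uid"; bad=1
    fi
    if [ $((other & 2)) -ne 0 ]; then
        echo "WORLD-WRITABLE $entry mode=$mode"; bad=1
    fi
    if [ $((group & 2)) -ne 0 ]; then
        echo "GROUP-WRITABLE $entry mode=$mode"; bad=1
    fi
    return $bad
}

# audit_hook PATH [WANT_UID]: check the script and its parent directory.
# WANT_UID defaults to 0 (root). Returns 0 clean, 1 findings, 2 missing.
audit_hook() {
    hook=$1; owner=${2:-0}; rc=0
    if [ ! -f "$hook" ]; then
        echo "MISSING $hook"; return 2
    fi
    check_entry "$hook" "$owner" || rc=1
    check_entry "$(dirname "$hook")" "$owner" || rc=1
    return $rc
}
```

After sourcing the file, `audit_hook /etc/udhcpc/default.script` prints one line per finding and returns non-zero if the script or its directory is writable by anyone other than root, so it can be run from a periodic job and alerted on.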
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, Japan, South Korea, India, Israel
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gridware
- Date Reserved: 2026-03-04T07:53:45.786Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a8e7f5d1a09e29cba26c3a
Added to database: 3/5/2026, 2:18:29 AM
Last enriched: 3/5/2026, 2:32:37 AM
Last updated: 3/5/2026, 7:02:00 AM