International Data Casting SFX2100 Multiple SUID Binaries Local Privilege Escalation Vulnerability
Vulnerability
A local privilege escalation vulnerability has been identified in the International Data Casting (IDC) SFX2100 satellite receiver, specifically within a SUID root-owned binary located in the 'xd' user's home directory. This vulnerability allows a local actor to escalate privileges by executing the affected binary, potentially through methods such as PATH hijacking, symlink abuse, or shared object hijacking.
Impact
Exploitation of this vulnerability leads to unauthorized root access on the affected system.
Reproduction
The vulnerability can be reproduced by logging into the device via FTP using the 'xd' user account, which has hardcoded credentials. Once logged in, the SUID binary 'XDTerminal' can be accessed. This binary is linked to a process that runs as root, allowing for privilege escalation by replacing the binary with a malicious version or by creating a symlink to a different file that the binary will execute.
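A defender-side audit for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it walks a directory tree and reports SUID files owned by root whose own mode or parent directory lets a non-root account modify or replace them. The function names, the default scan path /home and the owner_uid parameter are assumptions made for illustration.

```python
import os
import stat
import sys

WRITABLE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and other


def suid_findings(mode, uid, dir_mode, dir_uid, owner_uid=0):
    """Return the reasons a SUID file owned by owner_uid can be tampered with.

    An empty list means the file is not SUID/owned by owner_uid, or that its
    mode and parent directory are controlled only by owner_uid.
    """
    if not (stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == owner_uid):
        return []
    reasons = []
    if mode & WRITABLE:
        reasons.append("file writable by group/other")
    if dir_uid != owner_uid:
        # e.g. a root SUID binary placed in an unprivileged user's home directory
        reasons.append("directory owned by uid %d" % dir_uid)
    if dir_mode & WRITABLE and not dir_mode & stat.S_ISVTX:
        reasons.append("directory writable by group/other")
    return reasons


def audit(root, owner_uid=0):
    """Walk root and map each risky SUID file path to its list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.lstat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: symlinks are never followed
            except OSError:
                continue  # file vanished or is unreadable
            reasons = suid_findings(st.st_mode, st.st_uid,
                                    dir_st.st_mode, dir_st.st_uid, owner_uid)
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Scan path is an assumption; pass the tree to audit as the first argument.
    for path, reasons in sorted(audit(sys.argv[1] if len(sys.argv) > 1 else "/home").items()):
        print("%s: %s" % (path, "; ".join(reasons)))
```

Any path it reports should either lose the SUID bit or move to a root-owned directory that no other account can write to.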
