Skip to main content

Pegatron Tdelo64.sys CVE-2026-14961

MEDIUM
Improper Input Validation (CWE-20)
2026-07-15 certcc
6.2
CVSS 3.1 · Vendor: certcc
Share

Severity by source

Vendor (certcc) PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
9.3 CRITICAL

Arbitrary kernel write enables SYSTEM token escalation (S:C, I:H, A:H); device interface accessible without any privileges (PR:N).

3.1 AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (certcc).

CVSS VectorVendor: certcc

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jul 15, 2026 - 20:23 vuln.today
CVSS changed
Jul 15, 2026 - 20:22 NVD
6.2 (MEDIUM)
CVE Published
Jul 15, 2026 - 17:09 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Pegatron Tdelo64.sys exposes a privileged device interface, \\.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By sending crafted requests to IOCTL, a local attacker can achieve arbitrary kernel memory read and write operations, leading to privilege escalation to NT AUTHORITY\SYSTEM, security product bypass, credential theft, or complete system compromise.

AnalysisAI

Privilege escalation to NT AUTHORITY\SYSTEM is achievable on Windows systems hosting the Pegatron Tdelo64.sys kernel-mode driver, which exposes the \\.\TdeIo device interface without enforcing caller privilege checks or validating user-supplied kernel memory addresses in its IOCTL dispatcher. Any local user can open the device interface and send crafted IOCTL requests to perform arbitrary kernel memory read and write operations, enabling full system compromise including credential theft and security product bypass. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user-level code execution
Delivery
Open \\.\TdeIo device interface without privileges
Exploit
Send crafted IOCTL with attacker-controlled kernel address
Execution
Trigger arbitrary kernel memory write in Tdelo64.sys
Persist
Overwrite EPROCESS security token of attacker process
Impact
Achieve full NT AUTHORITY\SYSTEM privileges

Vulnerability AssessmentAI

Exploitation The Pegatron Tdelo64.sys driver must be installed and actively loaded on the target Windows system, and the \\.\TdeIo device interface must be reachable by non-privileged users - the vulnerability exists precisely because this access restriction is absent. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 base score of 6.2 with vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N is materially inconsistent with the described impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with a standard user account on a Windows system running the Pegatron Tdelo64.sys driver opens the \\.\TdeIo device interface, which requires no elevated privileges, then sends a crafted IOCTL request containing a controlled kernel memory address. The driver performs a write operation at the attacker-supplied address without validation, enabling the attacker to overwrite the EPROCESS security token of their own process, escalating to NT AUTHORITY\SYSTEM and subsequently disabling endpoint security callbacks before conducting credential theft or lateral movement. …
Remediation Consult the CERT/CC advisory at https://kb.cert.org/vuls/id/529388 for official vendor guidance and any available patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14961 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy