Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
AnalysisAI
Local privilege escalation in EnTech Taiwan TVicPort v4.0 (driver v5.2.1.0) allows authenticated low-privileged users to gain SYSTEM privileges via crafted IOCTL 0x80002008 requests to the TVicPort64.sys kernel driver. The vulnerability stems from improper input validation (CWE-20) in IOCTL handling. Publicly available exploit code exists (GitHub gist), enabling straightforward elevation of privileges on systems with the driver installed. SSVC assessment indicates total technical impact with no active exploitation reported, though the low attack complexity and available POC present significant risk to environments using this I/O port access driver.
Technical ContextAI
TVicPort is a kernel-mode driver providing direct hardware I/O port access for user-mode applications on Windows systems. The vulnerable component TVicPort64.sys (64-bit driver version 5.2.1.0) processes Input/Output Control (IOCTL) requests that allow applications to communicate with kernel drivers. IOCTL code 0x80002008 appears to lack proper input validation (CWE-20: Improper Input Validation), allowing malicious requests to be processed without adequate bounds checking or permission verification. This class of vulnerability is common in third-party kernel drivers that implement custom IOCTL handlers without robust security controls. The CVSS vector (AV:L/AC:L/PR:L) confirms this is a local attack requiring low-privileged credentials with low complexity, while scope U indicates the vulnerability is constrained to the vulnerable driver component but achieves complete compromise (C:H/I:H/A:H) at the SYSTEM privilege level.
RemediationAI
Primary remediation requires uninstalling or disabling the TVicPort driver if not operationally required, as no patched version has been identified in available intelligence at time of analysis. Organizations should inventory systems for TVicPort64.sys version 5.2.1.0 and assess operational necessity. If the driver is required for legacy hardware access or specific applications, implement compensating controls: restrict local logon rights to trusted administrators only via Group Policy (eliminating PR:L attack prerequisite), deploy application whitelisting to prevent unauthorized execution of IOCTL-invoking code, and enable Windows Defender Application Control or equivalent kernel driver signing policies to prevent tampering. Monitor for suspicious IOCTL activity targeting the driver using ETW tracing or kernel driver monitoring solutions. Check the vendor website at https://www.entechtaiwan.com/dev/port/index.shtm for updated driver versions released after this analysis; if a patched version becomes available, prioritize deployment. Note that disabling the driver may break applications dependent on direct I/O port access - test thoroughly in non-production environments. The VulDB advisory at https://vuldb.com/vuln/360180 may contain additional vendor response or remediation guidance.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26240