Skip to main content

TVicPort CVE-2026-30769

| EUVDEUVD-2026-26240 HIGH
Improper Input Validation (CWE-20)
2026-04-29 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Apr 29, 2026 - 21:22 vuln.today
CVSS changed
Apr 29, 2026 - 21:22 NVD
7.8 (None) 7.8 (HIGH)
EUVD ID Assigned
Apr 29, 2026 - 16:22 euvd
EUVD-2026-26240
Analysis Generated
Apr 29, 2026 - 16:22 vuln.today
CVE Published
Apr 29, 2026 - 16:16 nvd
HIGH 7.8

DescriptionCVE.org

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

AnalysisAI

Local privilege escalation in EnTech Taiwan TVicPort v4.0 (driver v5.2.1.0) allows authenticated low-privileged users to gain SYSTEM privileges via crafted IOCTL 0x80002008 requests to the TVicPort64.sys kernel driver. The vulnerability stems from improper input validation (CWE-20) in IOCTL handling. Publicly available exploit code exists (GitHub gist), enabling straightforward elevation of privileges on systems with the driver installed. SSVC assessment indicates total technical impact with no active exploitation reported, though the low attack complexity and available POC present significant risk to environments using this I/O port access driver.

Technical ContextAI

TVicPort is a kernel-mode driver providing direct hardware I/O port access for user-mode applications on Windows systems. The vulnerable component TVicPort64.sys (64-bit driver version 5.2.1.0) processes Input/Output Control (IOCTL) requests that allow applications to communicate with kernel drivers. IOCTL code 0x80002008 appears to lack proper input validation (CWE-20: Improper Input Validation), allowing malicious requests to be processed without adequate bounds checking or permission verification. This class of vulnerability is common in third-party kernel drivers that implement custom IOCTL handlers without robust security controls. The CVSS vector (AV:L/AC:L/PR:L) confirms this is a local attack requiring low-privileged credentials with low complexity, while scope U indicates the vulnerability is constrained to the vulnerable driver component but achieves complete compromise (C:H/I:H/A:H) at the SYSTEM privilege level.

RemediationAI

Primary remediation requires uninstalling or disabling the TVicPort driver if not operationally required, as no patched version has been identified in available intelligence at time of analysis. Organizations should inventory systems for TVicPort64.sys version 5.2.1.0 and assess operational necessity. If the driver is required for legacy hardware access or specific applications, implement compensating controls: restrict local logon rights to trusted administrators only via Group Policy (eliminating PR:L attack prerequisite), deploy application whitelisting to prevent unauthorized execution of IOCTL-invoking code, and enable Windows Defender Application Control or equivalent kernel driver signing policies to prevent tampering. Monitor for suspicious IOCTL activity targeting the driver using ETW tracing or kernel driver monitoring solutions. Check the vendor website at https://www.entechtaiwan.com/dev/port/index.shtm for updated driver versions released after this analysis; if a patched version becomes available, prioritize deployment. Note that disabling the driver may break applications dependent on direct I/O port access - test thoroughly in non-production environments. The VulDB advisory at https://vuldb.com/vuln/360180 may contain additional vendor response or remediation guidance.

Share

CVE-2026-30769 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy