Skip to main content

TV98 TV Box EUVDEUVD-2026-42661

| CVE-2026-58378 HIGH
Active Debug Code (CWE-489)
2026-07-09 9119a7d8-5eab-497f-8521-727c672e3725 GHSA-mfgm-xvxw-j43w
8.6
CVSS 4.0 · Vendor: 9119a7d8-5eab-497f-8521-727c672e3725
Share

Severity by source

Vendor (9119a7d8-5eab-497f-8521-727c672e3725) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable adbd with no attacker auth (PR:N) but victim must approve the prompt (UI:R); success yields root, so C/I/A all High and scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (9119a7d8-5eab-497f-8521-727c672e3725).

CVSS VectorVendor: 9119a7d8-5eab-497f-8521-727c672e3725

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 18:33 vuln.today

DescriptionCVE.org

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.

AnalysisAI

Root-level device takeover affects the Allwinner H616-based TV98 Android TV Box, which ships to production with the Android Debug Bridge (ADB) daemon enabled and reachable over the network (TCP/5555). A network attacker can send an ADB authorization request, and if the victim accepts the RSA key confirmation prompt on the device, the attacker obtains a root shell. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Scan LAN for open TCP/5555
Delivery
Issue ADB connect to device
Exploit
Device shows authorization prompt
Execution
Victim approves RSA key
Persist
Obtain root ADB shell
Impact
Install malware / exfiltrate data

Vulnerability AssessmentAI

Exploitation Exploitation requires that (1) the TV98's ADB daemon is running and bound to the network interface (its shipped default per the report, typically TCP/5555), (2) the attacker has network reachability to that port - same LAN, or a routed/port-forwarded path from the internet, and (3) the victim actively approves the on-screen ADB authorization / RSA key confirmation prompt (CVSS UI:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score is 8.6 (High) with vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H, meaning remote, low-complexity, unauthenticated attack reachability but with an explicit Active user-interaction requirement (UI:A) - the victim must approve the ADB RSA key prompt. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same LAN (or able to reach the device's IP, e.g. via a port-forwarded or internet-exposed box) scans for open TCP/5555, then issues 'adb connect <device-ip>' which triggers an authorization prompt on the TV screen. …
Remediation No vendor-released patch version was identified at time of analysis; consult the CSAF advisory (https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-03.json) for vendor firmware guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all TV98 devices in production and implement firewall rules to block inbound connections to TCP 5555; if feasible, disable ADB through device settings or network segmentation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42661 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy