Description
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
Published: 2026-04-29
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the TVicPort64.sys driver of EnTech Taiwan’s TVicPort Product allows an attacker to elevate privileges by sending crafted IOCTL 0x80002008 requests. The vulnerability arises from improper input validation and access control in the driver’s IOCTL handling routine. The description indicates that an attacker can send these requests to gain SYSTEM rights, but the exact attack vector is not specified; it is inferred that a local user or process with access to the driver could potentially exploit this flaw.

Affected Systems

EnTech Taiwan TVicPort, version 4.0, driver TVicPort64.sys file version 5.2.1.0 are the impacted items. No other vendors or products are listed.

Risk and Exploitability

The vulnerability has no publicly available EPSS data and is not listed in the CISA KEV catalog, indicating it is not yet known to be actively exploited. Exploitation would require sending a crafted IOCTL to the device driver; the description does not disclose a remote interface, so it is inferred that a local attacker or an application with driver access would need to perform this step. In the absence of a vendor patch, the risk remains significant for systems running the vulnerable driver.

Generated by OpenCVE AI on April 30, 2026 at 14:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or uninstall the TVicPort64.sys driver if the functionality is not required.
  • Restrict access to the driver and its IOCTL interface by applying appropriate device‑level ACLs or permission controls.
  • Monitor the system for abnormal IOCTL usage or driver activity with security‑event logging and behavior‑analysis tools.
  • Apply any vendor‑issued firmware or driver update as soon as one becomes available.
  • Follow least‑privilege principles by minimizing user rights and restricting access to system kernel components.

Generated by OpenCVE AI on April 30, 2026 at 14:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:entechtaiwan:tvicport:5.2.1.0:*:*:*:*:*:*:*

Thu, 30 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Crafted IOCTL in TVicPort64.sys Driver

Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Entechtaiwan
Entechtaiwan tvicport
Vendors & Products Entechtaiwan
Entechtaiwan tvicport

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Description An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
References

Subscriptions

Entechtaiwan Tvicport
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-29T20:04:26.509Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30769

cve-icon Vulnrichment

Updated: 2026-04-29T20:00:58.802Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-29T16:16:22.920

Modified: 2026-05-05T14:31:16.030

Link: CVE-2026-30769

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:15:40Z

Weaknesses