Cyber Posture

CVE-2026-30769

High · LPE

Published: 29 April 2026

Modified: 05 May 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30769 is a high-severity Improper Input Validation (CWE-20) vulnerability in Entechtaiwan Tvicport. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent · recover

Directly remediates the improper input validation and privilege management flaws in TVicPort64.sys by applying vendor patches or removing the vulnerable driver.

prevent

Disables unnecessary kernel drivers like TVicPort64.sys, eliminating the IOCTL 0x80002008 attack surface for privilege escalation.

prevent

Enforces least privilege to restrict low-privileged attackers' ability to exploit the vulnerability for significant escalation.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local kernel driver IOCTL vulnerability with improper input validation and privilege management directly enables T1068 Exploitation for Privilege Escalation from low-privileged context to SYSTEM/full control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

Deeper analysis [AI]

CVE-2026-30769 is a privilege escalation vulnerability in the TVicPort64.sys kernel driver component of EnTech Taiwan's TVicPort Product version 4.0 (file version 5.2.1.0). Published on 2026-04-29, the flaw stems from improper input validation (CWE-20) and improper privilege management (CWE-269), enabling attackers to send crafted IOCTL requests with code 0x80002008 to the driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impact potential in local attack scenarios.

A low-privileged local attacker can exploit this vulnerability by transmitting specially crafted IOCTL 0x80002008 requests to the vulnerable TVicPort64.sys driver. No user interaction is required, and low attack complexity suffices. Successful exploitation yields high confidentiality, integrity, and availability impacts, allowing the attacker to elevate privileges and potentially gain full control over the affected system.

Mitigation details are not specified in the CVE description, but relevant resources include the vendor's product page at https://www.entechtaiwan.com/dev/port/index.shtm and a GitHub gist at https://gist.github.com/lleekkoo/6c73fa4e137aca6f5dfe6aec4f6a7b29, which may provide additional technical analysis or proof-of-concept information for practitioners to review.
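
One way to inventory a Windows host for the affected driver, as an added example that is not from the vendor, NVD, or this site. It assumes the driver is registered as a kernel driver service whose image path ends in TVicPort64.sys (the service name is not given above, so it matches on the path) and that a stray copy would sit in System32\drivers.

```powershell
# Added example: look for the TVicPort64.sys driver named in CVE-2026-30769.
$DriverFile      = 'TVicPort64.sys'
$AffectedVersion = [version]'5.2.1.0'   # file version named in the NVD description

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver image paths can be stored as \??\C:\..., \SystemRoot\..., or System32\...
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverFileVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

# 1. Driver services whose image path points at the file (loaded or not).
$findings = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverFile*" } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $ver  = Get-DriverFileVersion $path
        [pscustomobject]@{
            Service   = $_.Name
            State     = $_.State        # Running means the IOCTL interface is reachable
            StartMode = $_.StartMode
            Path      = $path
            FileVer   = $ver
            # True only for the version the advisory names; other versions are
            # not confirmed fixed, so treat any hit as something to review.
            MatchesAdvisory = ($null -ne $ver -and $ver -eq $AffectedVersion)
        }
    })

# 2. A copy on disk with no service registration (assumed default location).
$onDisk = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
if ((Test-Path -LiteralPath $onDisk) -and -not ($findings.Path -contains $onDisk)) {
    $findings += [pscustomobject]@{
        Service = '(unregistered)'; State = 'n/a'; StartMode = 'n/a'; Path = $onDisk
        FileVer = (Get-DriverFileVersion $onDisk); MatchesAdvisory = $null
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize }
else { "No $DriverFile driver found on $env:COMPUTERNAME" }
```

Hosts that return a row are the candidates for the driver removal or disabling described under the mitigating controls above.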

Details

CWE(s)

Affected Products

entechtaiwan · tvicport · 5.2.1.0

CVEs Like This One

CVE-2026-40317: Shared CWE-20, CWE-269
CVE-2025-52347: Shared CWE-20, CWE-269
CVE-2025-64487: Shared CWE-269
CVE-2025-67905: Shared CWE-269
CVE-2025-26705: Shared CWE-269
CVE-2025-66374: Shared CWE-269
CVE-2025-21234: Shared CWE-20
CVE-2026-26416: Shared CWE-269
CVE-2025-21360: Shared CWE-269
CVE-2025-23093: Shared CWE-269
