Cyber Resilience

CVE-2026-30769

HighLPE

Published: 29 April 2026

Published
29 April 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30769 is a high-severity Improper Input Validation (CWE-20) vulnerability in Entechtaiwan Tvicport. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30769 is a privilege escalation vulnerability in the TVicPort64.sys kernel driver component of EnTech Taiwan's TVicPort Product version 4.0 (file version 5.2.1.0). Published on 2026-04-29, the flaw stems from improper input validation (CWE-20) and improper privilege management (CWE-269), enabling attackers to send crafted IOCTL requests with code 0x80002008 to the driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impact potential in local attack scenarios.

A low-privileged local attacker can exploit this vulnerability by transmitting specially crafted IOCTL 0x80002008 requests to the vulnerable TVicPort64.sys driver. No user interaction is required, and low attack complexity suffices. Successful exploitation yields high confidentiality, integrity, and availability impacts, allowing the attacker to elevate privileges and potentially gain full control over the affected system.

Mitigation details are not specified in the CVE description, but relevant resources include the vendor's product page at https://www.entechtaiwan.com/dev/port/index.shtm and a GitHub gist at https://gist.github.com/lleekkoo/6c73fa4e137aca6f5dfe6aec4f6a7b29, which may provide additional technical analysis or proof-of-concept information for practitioners to review.

EU & UK References

Vulnerability details

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel driver IOCTL vulnerability with improper input validation and privilege management directly enables T1068 Exploitation for Privilege Escalation from low-privileged context to SYSTEM/full control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40317Shared CWE-20, CWE-269
CVE-2025-52347Shared CWE-20, CWE-269
CVE-2025-36640Shared CWE-269
CVE-2025-21234Shared CWE-20
CVE-2026-29124Shared CWE-269
CVE-2026-21533Shared CWE-269
CVE-2023-7343Shared CWE-269
CVE-2025-21360Shared CWE-269
CVE-2025-69689Shared CWE-269
CVE-2026-33906Shared CWE-269

Affected Assets

entechtaiwan
tvicport
5.2.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly remediates the improper input validation and privilege management flaws in TVicPort64.sys by applying vendor patches or removing the vulnerable driver.

prevent

Disables unnecessary kernel drivers like TVicPort64.sys, eliminating the IOCTL 0x80002008 attack surface for privilege escalation.

prevent

Enforces least privilege to restrict low-privileged attackers' ability to exploit the vulnerability for significant escalation.

References