EnTech Taiwan TVicPort Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the TVicPort64.sys component of EnTech Taiwan's TVicPort Product version 4.0, File version 5.2.1.0. The issue arises because the driver creates its device object with a NULL Discretionary Access Control List (DACL), allowing any local user to open a handle and send crafted IOCTL 0x80002008 requests. This exploitation can lead to arbitrary physical memory read/write operations, enabling local privilege escalation and bypassing security features from any user context.

Impact

Exploitation of this vulnerability allows for local privilege escalation by manipulating IOCTLs to read from or write arbitrary data to physical memory, potentially altering the behavior of the system or applications.

Added: Apr 29, 2026, 4:34 PM

Updated: Apr 29, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EnTech Taiwan TVicPort Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating