Search
Find a vulnerability
Search criteria
2 vulnerabilities found for H616 by Allwinner
CVE-2026-58378 (GCVE-0-2026-58378)
Vulnerability from nvd – Published: 2026-07-09 17:46 – Updated: 2026-07-09 17:46
VLAI
EPSS
VEX
Title
Allwinner TV Box TV98 ADB exposed on network
Summary
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
Severity
CWE
- CWE-489 - Active Debug Code
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cve.org/CVERecord?id=CVE-2026-58378 | vdb-entry |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | third-party-advisory |
Date Public
2026-07-09 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "H616",
"vendor": "Allwinner",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "RelunSec"
}
],
"datePublic": "2026-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-58378",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:22:25.463122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:46:00.635Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58378"
},
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-03.json"
}
],
"title": "Allwinner TV Box TV98 ADB exposed on network"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-58378",
"datePublished": "2026-07-09T17:46:00.635Z",
"dateReserved": "2026-06-30T15:25:14.279Z",
"dateUpdated": "2026-07-09T17:46:00.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58378 (GCVE-0-2026-58378)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:46 – Updated: 2026-07-09 17:46
VLAI
EPSS
VEX
Title
Allwinner TV Box TV98 ADB exposed on network
Summary
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
Severity
CWE
- CWE-489 - Active Debug Code
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cve.org/CVERecord?id=CVE-2026-58378 | vdb-entry |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | third-party-advisory |
Date Public
2026-07-09 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "H616",
"vendor": "Allwinner",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "RelunSec"
}
],
"datePublic": "2026-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-58378",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:22:25.463122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:46:00.635Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"tags": [
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58378"
},
{
"name": "url",
"tags": [
"third-party-advisory"
],
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-03.json"
}
],
"title": "Allwinner TV Box TV98 ADB exposed on network"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-58378",
"datePublished": "2026-07-09T17:46:00.635Z",
"dateReserved": "2026-06-30T15:25:14.279Z",
"dateUpdated": "2026-07-09T17:46:00.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}