Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for H616 by Allwinner

    CVE-2026-58378 (GCVE-0-2026-58378)

    Vulnerability from nvd – Published: 2026-07-09 17:46 – Updated: 2026-07-09 17:46
    VLAI
    Title
    Allwinner TV Box TV98 ADB exposed on network
    Summary
    Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Allwinner H616 Affected: 0 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    RelunSec
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "H616",
              "vendor": "Allwinner",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RelunSec"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-58378",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-06-30T15:22:25.463122Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489 Active Debug Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T17:46:00.635Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-58378"
            },
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-03.json"
            }
          ],
          "title": "Allwinner TV Box TV98 ADB exposed on network"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-58378",
        "datePublished": "2026-07-09T17:46:00.635Z",
        "dateReserved": "2026-06-30T15:25:14.279Z",
        "dateUpdated": "2026-07-09T17:46:00.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58378 (GCVE-0-2026-58378)

    Vulnerability from cvelistv5 – Published: 2026-07-09 17:46 – Updated: 2026-07-09 17:46
    VLAI
    Title
    Allwinner TV Box TV98 ADB exposed on network
    Summary
    Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Allwinner H616 Affected: 0 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    RelunSec
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "H616",
              "vendor": "Allwinner",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RelunSec"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-58378",
                  "options": [
                    {
                      "Exploitation": "poc"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "total"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-06-30T15:22:25.463122Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489 Active Debug Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T17:46:00.635Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-58378"
            },
            {
              "name": "url",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-03.json"
            }
          ],
          "title": "Allwinner TV Box TV98 ADB exposed on network"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-58378",
        "datePublished": "2026-07-09T17:46:00.635Z",
        "dateReserved": "2026-06-30T15:25:14.279Z",
        "dateUpdated": "2026-07-09T17:46:00.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }