Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://kb.cert.org/vuls/id/529388 |
|
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-269 CWE-284 CWE-668 |
|
| Metrics |
cvssV3_1
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise. | |
| Title | CVE-2026-14960 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-07-16T15:33:59.441Z
Reserved: 2026-07-07T14:25:40.813Z
Link: CVE-2026-14960
Updated: 2026-07-16T15:29:23.536Z
No data.
No data.
OpenCVE Enrichment
No data.