CVE-2026-58378
Received Received - Intake

ADB Remote Root Access in Allwinner H616 TV Box TV98

Vulnerability report for CVE-2026-58378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in the Allwinner H616 TV Box TV98, where the Android Debug Bridge (ADB) is enabled and exposed to the network in a production environment.

An attacker can send a request for ADB authorization, and if the victim allows access, the attacker can gain root level privileges on the device.

Impact Analysis

If exploited, this vulnerability allows an attacker to gain root level privileges on the affected device.

This means the attacker can fully control the device, potentially leading to unauthorized access to sensitive data, installation of malicious software, disruption of device functionality, and compromise of network security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart