CVE-2026-58378 PUBLISHED

Allwinner TV Box TV98 ADB exposed on network

Assigner: cisa-cg
Reserved: 30.06.2026 Published: 09.07.2026 Updated: 09.07.2026

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.6

Product Status

Vendor Allwinner
Product H616
Versions Default: affected
  • affected from 0 to * (excl.)

Credits

  • RelunSec

References

Problem Types

  • CWE-489 Active Debug Code CWE