Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-782 (无充分访问控制条件下暴露IOCTL) — Vulnerability Class 18

18 vulnerabilities classified as CWE-782 (无充分访问控制条件下暴露IOCTL). AI Chinese analysis included.

CWE-782 represents a critical access control weakness where an operating system’s ioctl interface exposes privileged functionality without enforcing proper permission checks. This vulnerability typically arises when developers expose internal device drivers or system commands to user-space applications, assuming that only trusted processes will invoke them. Attackers exploit this by directly calling the unrestricted ioctl command, potentially gaining unauthorized root-level access, bypassing security boundaries, or executing arbitrary code with elevated privileges. To mitigate this risk, developers must rigorously implement access control lists and verify user credentials before processing any ioctl request. Additionally, minimizing the attack surface by removing unnecessary ioctl commands and applying the principle of least privilege ensures that only authorized entities can interact with sensitive system functions, thereby preventing exploitation by malicious actors.

MITRE CWE Description
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. When an IOCTL contains privileged functionality and is exposed unnecessarily, attackers may be able to access this functionality by invoking the IOCTL. Even if the functionality is benign, if the programmer has assumed that the IOCTL would only be accessed by a trusted process, there may be little or no validation of the incoming data, exposing weaknesses that would never be reachable if the attacker cannot call the IOCTL directly. The implementations of IOCTLs will differ between operating system types and versions, so the methods of attack and prevention may vary widely.
Common Consequences (1)
Integrity, Availability, ConfidentialityVaries by Context
Attackers can invoke any functionality that the IOCTL offers. Depending on the functionality, the consequences may include code execution, denial-of-service, and theft of data.
Mitigations (1)
Architecture and DesignIn Windows environments, use proper access control for the associated device or device namespace. See References.
CVE IDTitleCVSSSeverityPublished
CVE-2026-6737 华硕Precision Touchpad驱动本地提权及可用性问题 — AsusPTPFilter--2026-05-08
CVE-2026-4483 Moxa MxGeneralIo 安全漏洞 — MxGeneralIo 6.7AIMediumAI2026-04-08
CVE-2025-47761 Fortinet FortiClientWindows 安全漏洞 — FortiClientWindows 7.1 High2025-11-18
CVE-2025-8061 Lenovo Dispatcher 安全漏洞 — Dispatcher 3.0 Driver 7.0 High2025-09-11
CVE-2025-7771 Code Execution / Escalation of Privileges in ThrottleStop — ThrottleStop 7.8AIHighAI2025-08-06
CVE-2023-44976 Hangzhou Shunwang Rentdrv2 安全漏洞 — Rentdrv2 3.2 Low2025-08-01
CVE-2024-0141 NVIDIA Hopper HGX 8-GPU 安全漏洞 — NVIDIA Hopper HGX 8-GPU 6.8 Medium2025-03-05
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability — IP Office 10.0 Critical2024-06-25
CVE-2021-21785 IOBit Advanced SystemCare 安全漏洞 — IOBit 5.5 -2021-08-05
CVE-2021-21792 IOBit Advanced SystemCare 安全漏洞 — IObit 5.5 -2021-08-05
CVE-2021-21791 IOBit Advanced SystemCare 安全漏洞 — IOBit 5.5 -2021-08-05
CVE-2021-21790 IOBit Advanced SystemCare 安全漏洞 — IOBit 5.5 -2021-08-05
CVE-2021-25695 Teradici PCOIP Software Agent 安全漏洞 — - PCoIP Agent for Windows 8.4 -2021-07-21
CVE-2021-21786 Iobit IOBit Advanced SystemCare 访问控制错误漏洞 — Iobit 8.8 -2021-07-07
CVE-2021-21789 IOBit Advanced SystemCare 安全漏洞 — Iobit 8.8 -2021-07-07
CVE-2021-21788 IOBit Advanced SystemCare 安全漏洞 — Iobit 8.8 -2021-07-07
CVE-2021-21787 IOBit Advanced SystemCare 安全漏洞 — Iobit 8.8 -2021-07-07
CVE-2021-21551 Dell dbutil Driver 安全漏洞 — dbutil 8.8 High2021-05-04

Vulnerabilities classified as CWE-782 (无充分访问控制条件下暴露IOCTL) represent 18 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.