CWE-782 36 個 CVE MITRE 定義 ↗

CWE-782:Exposed IOCTL with Insufficient Access Control

概覽

CWE-782(Exposed IOCTL with Insufficient Access Control)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

適用平台

類型 名稱 普遍性 OS / CPE
language C Often
language C++ Often
operating_system Unix Undetermined
operating_system Windows Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-9492 2026-07-13 The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send sp…
CVE-2026-57851 2026-07-07 MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write an…
CVE-2026-8797 2026-06-26 An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
CVE-2026-56129 2026-06-25 Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may ac…
CVE-2025-15641 2026-06-17 Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sendin…
CVE-2026-8501 2026-06-01 Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOC…
CVE-2026-6737 2026-05-07 An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touch…
CVE-2026-36355 2026-05-05 The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl…
CVE-2026-4483 2026-04-08 An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOC…
CVE-2025-27535 2026-02-10 Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. Sy…
CVE-2025-47761 2025-11-18 An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenti…
CVE-2025-8061 2025-09-11 A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated loca…
CVE-2025-7771 2025-08-06 ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exp…
CVE-2023-44976 2025-08-01 Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in th…
CVE-2025-26125 2025-03-17 An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.
CVE-2024-0141 2025-03-04 NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successfu…
CVE-2024-39251 2024-07-01 An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges…
CVE-2024-4196 2024-06-25 An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affect…
CVE-2024-33222 2024-05-22 An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-33221 2024-05-22 An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2009-07-15
版本
1.5

內容修訂

日期 名稱 版本 重要性 評論
2009-12-28 CWE Content Team 1.7 updated Time_of_Introduction
2017-11-08 CWE Content Team 3.0 updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Common_Consequences
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
cvelogic Threat Intelligence