thermalright TR-VISION HOME up to 2.0.4 on Windows inclusion of functionality from untrusted control sphere

CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
6.4$0-$5k0.00

Summaryinfo

A vulnerability classified as critical was found in thermalright TR-VISION HOME up to 2.0.4 on Windows. Affected is an unknown function. Such manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is listed as CVE-2026-4255. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as critical, has been found in thermalright TR-VISION HOME up to 2.0.4 on Windows. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a inclusion of functionality from untrusted control sphere vulnerability. Using CWE to declare the problem leads to CWE-829. The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Impacted is confidentiality, integrity, and availability. CVE summarizes:

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.\n\n\n\nBecause these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.\n\n\n\nThe application does not enforce restrictions on DLL loading locations and does not verify the integrity or digital signature of loaded libraries. As a result, attacker-controlled code may be executed within the security context of the application, allowing arbitrary code execution with elevated privileges.\n\n\n\nSuccessful exploitation requires that an attacker place a crafted malicious DLL in a user-writable directory that is included in the application's DLL search path and then cause the affected application to be executed. Once loaded, the malicious DLL runs with the same privileges as the application.\n\n\n\nThis issue affects \nTR-VISION HOME  versions up to and including 2.0.5.

The weakness was presented by Ard33. The advisory is available at thermalright.com. This vulnerability is handled as CVE-2026-4255 since 03/16/2026. The exploitation is known to be easy. Local access is required to approach this attack. Additional levels of successful authentication are necessary for exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 2.0.5 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-12363). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

Name

Version

CPE 2.3info

CPE 2.2info

CVSSv4info

VulDB Vector: 🔒
VulDB Reliability: 🔍

CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒

CVSSv3info

VulDB Meta Base Score: 6.7
VulDB Meta Temp Score: 6.4

VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔒
VulDB Reliability: 🔍

CVSSv2info

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

Exploitinginfo

Class: Inclusion of functionality from untrusted control sphere
CWE: CWE-829
CAPEC: 🔒
ATT&CK: 🔒

Physical: Partially
Local: Yes
Remote: Partially

Availability: 🔒
Status: Not defined

EPSS Score: 🔒
EPSS Percentile: 🔒

Price Prediction: 🔍
Current Price Estimation: 🔒

0-DayUnlockUnlockUnlockUnlock
TodayUnlockUnlockUnlockUnlock

Threat Intelligenceinfo

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasuresinfo

Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: TR-VISION HOME 2.0.5

Timelineinfo

03/16/2026 Advisory disclosed
03/16/2026 +0 days CVE reserved
03/16/2026 +0 days VulDB entry created
03/16/2026 +0 days VulDB entry last update

Sourcesinfo

Advisory: thermalright.com
Researcher: Ard33
Status: Confirmed

CVE: CVE-2026-4255 (🔒)
GCVE (CVE): GCVE-0-2026-4255
GCVE (VulDB): GCVE-100-351218
EUVD: 🔒

Entryinfo

Created: 03/16/2026 09:52
Updated: 03/16/2026 10:14
Changes: 03/16/2026 09:52 (67), 03/16/2026 10:14 (1)
Complete: 🔍
Cache ID: 216::103

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion

No comments yet. Languages: en.

Please log in to comment.

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!