Ezcast Pro Dongle Ii Firmware
CVE-2026-24345
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
AnalysisAI
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 8.8).
Technical ContextAI
This vulnerability (CWE-20: Improper Input Validation) affects Ezcast Pro Dongle Ii Firmware. Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
EZCast Pro II v1.17478.146 uses well-known default credentials in the Admin UI enabling immediate administrative access
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 6.1).
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 5.3).
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today