Ezcast Pro Dongle Ii Firmware
CVE-2026-24348
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
AnalysisAI
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 6.1).
Technical ContextAI
This vulnerability (CWE-20: Improper Input Validation) affects Ezcast Pro Dongle Ii Firmware. Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
EZCast Pro II v1.17478.146 uses well-known default credentials in the Admin UI enabling immediate administrative access
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 8.8).
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 5.3).
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today