Description
Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution
Published: 2026-01-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability consists of multiple buffer overflows within the admin user interface of EZCast Pro II dongle firmware version 1.17478.146. These overflows can lead to program crashes and potentially allow an attacker to execute arbitrary code on the device. The weakness corresponds to CWE‑120, a classic buffer overflow.

Affected Systems

Affected devices are EZCast Pro II USB dongles running firmware 1.17478.146. No other products or versions are listed.

Risk and Exploitability

The CVSS score of 7.3 indicates a high-severity vulnerability. The EPSS score of less than 1% suggests that, at the time of analysis, exploitation attempts are unlikely to be widespread, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves access to the local network and submission of malicious input to the admin UI, so an attacker would need network connectivity to the device. The CVSS vector recorded in this entry also rates attack complexity and required privileges as high (AC:H, PR:H). Because the flaw can lead to arbitrary code execution, successful exploitation could give the attacker full control over the dongle.

Generated by OpenCVE AI on April 18, 2026 at 14:52 UTC.

Remediation

Vendor Workaround

Until a firmware patch is made available by the vendor, users are advised to disconnect the dongle from their local network and limit its use strictly to Access Point functionality to minimize the attack surface.


OpenCVE Recommended Actions

  • Isolate the dongle from the local network or disconnect it when not needed
  • Use the device only in Access Point mode to reduce the exposed functionality
  • Apply a vendor‑supplied firmware patch as soon as it becomes available


Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Actions-micro; Actions-micro ezcast Pro Ii; Actions-micro ezcast Pro Ii Firmware
Vendors & Products | | Actions-micro; Actions-micro ezcast Pro Ii; Actions-micro ezcast Pro Ii Firmware

Tue, 27 Jan 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution
Title | | Multiple Buffer Overflows in EZCast Pro II Dongle
Weaknesses | | CWE-120
References | |
Metrics | | cvssV4_0 {'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U'}


MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-01-27T14:25:06.534Z

Reserved: 2026-01-22T12:55:22.577Z

Link: CVE-2026-24344

Vulnrichment

Updated: 2026-01-27T14:24:43.116Z

NVD

Status: Deferred

Published: 2026-01-27T09:15:48.767

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses