Impact
Use of well‑known default credentials in the administration interface of the EZCast Pro II dongle, specifically firmware version 1.17478.146, permits an attacker who can reach the device’s web UI to log in as administrator. This grants full control over the device, enabling configuration changes, firmware upgrades, and modification of network settings, which could facilitate further compromise of the host network. The weakness results from improper credential management and is categorized as CWE‑798.
Affected Systems
NimbleTech’s EZCast Pro II dongle, running firmware version 1.17478.146. The affected component is the web‑based administration UI provided by the dongle’s firmware.
Risk and Exploitability
The CVSS score of 7.6 indicates high severity, reflecting the unauthorized privileged access the flaw allows. The EPSS score is below 1%, suggesting that active exploitation is currently rare, and the vulnerability is not listed in CISA's KEV catalog. However, the device is typically accessible from local or corporate networks, so any user who can reach the web UI (whether through unsecured Wi-Fi, physical access, or a compromised network) can exploit this flaw. Once authenticated, the attacker gains complete administrative control, which could lead to configuration tampering, data exfiltration, or the use of the device as a foothold for further network attacks.