Description
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
Published: 2026-01-27
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file write
Action: Apply Patch
AI Analysis

Impact

Improper input validation in the Admin UI of EZCast Pro II allows an attacker to manipulate files within the /tmp directory. The flaw is classified as CWE-20 (Improper Input Validation). The vulnerability could enable an attacker to create or overwrite files in a temporary location, potentially affecting the configuration or execution of subsequent processes. The CVSS score of 5.7 indicates moderate severity, and the provided description gives no indication of remote code execution.

Affected Systems

The affected system is the EZCast Pro II dongle, specifically firmware version 1.17478.146. No other versions are listed as affected in the input.

Risk and Exploitability

The CVSS score of 5.7 combined with an EPSS score of less than 1% suggests moderate risk with a low probability of exploitation. The vulnerability is not listed in the KEV catalog. The likely attack vector is the Admin UI, which may be reachable over the local network or exposed externally; this is inferred from the description of an Admin UI issue. No additional exploitation conditions are provided in the data.

Generated by OpenCVE AI on April 18, 2026 at 14:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the EZCast Pro II dongle firmware to a version that includes the fix for the /tmp file write issue.
  • Restrict administrative UI access to trusted local networks or specific IP ranges to minimize the attack surface.
  • If a firmware upgrade is not immediately possible, disable remote administration features or block access to the Admin UI port at the network firewall.



Advisories

No advisories yet.

History

Thu, 05 Feb 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nimbletech; Nimbletech ezcast Pro Dongle Ii; Nimbletech ezcast Pro Dongle Ii Firmware |
| CPEs | | cpe:2.3:h:nimbletech:ezcast_pro_dongle_ii:-:*:*:*:*:*:*:*; cpe:2.3:o:nimbletech:ezcast_pro_dongle_ii_firmware:1.17478.146:*:*:*:*:*:*:* |
| Vendors & Products | | Nimbletech; Nimbletech ezcast Pro Dongle Ii; Nimbletech ezcast Pro Dongle Ii Firmware |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'} |


Tue, 27 Jan 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Actions-micro; Actions-micro ezcast Pro Ii; Actions-micro ezcast Pro Ii Firmware |
| Vendors & Products | | Actions-micro; Actions-micro ezcast Pro Ii; Actions-micro ezcast Pro Ii Firmware |

Tue, 27 Jan 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 27 Jan 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory |
| Title | | Arbitrary file write to /tmp directory in EZCast Pro II Dongle |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U'} |


MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-01-27T14:53:25.851Z

Reserved: 2026-01-22T12:55:22.578Z

Link: CVE-2026-24347

Vulnrichment

Updated: 2026-01-27T14:51:02.520Z

NVD

Status: Analyzed

Published: 2026-01-27T10:15:49.220

Modified: 2026-02-05T17:31:57.157

Link: CVE-2026-24347

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z
