Description
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
Published: 2026-03-31
Score: 9 Critical
EPSS: n/a
KEV: No
Impact: Remote Code Execution / Information Exposure
Action: Immediate Patch
AI Analysis

Impact

An arbitrary file overwrite flaw in UXGROUP LLC Cast to TV Screen Mirroring allows attackers to replace critical internal files through the file import feature, which can lead to arbitrary code execution or leakage of sensitive information. The weakness stems from inadequate validation of file paths and destinations (CWE‑22 and CWE‑73).

Affected Systems

The flaw affects the Cast to TV Screen Mirroring product manufactured by UXGROUP LLC, version 2.2.77. No other vendors or versions are listed as impacted.

Risk and Exploitability

With a CVSS score of 9 the vulnerability is rated critical, indicating full system compromise. While the EPSS score is not available and it is not in the CISA KEV catalogue, the attack vector is inferred to be local or remote via an exposed file import process, making exploitation feasible for an attacker with access to the input mechanism.

Generated by OpenCVE AI on March 31, 2026 at 19:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a version newer than 2.2.77
  • If a patch is not yet available, disable the file import function until a fix is released
  • Monitor logs for unauthorized file changes or abnormal activity
  • Check the vendor’s website or security advisories regularly for updates

Generated by OpenCVE AI on March 31, 2026 at 19:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in UXGROUP Cast to TV Screen Mirroring v2.2.77 Enables Remote Code Execution

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CWE-73
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T17:38:48.635Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30282

cve-icon Vulnrichment

Updated: 2026-03-31T17:34:30.306Z

cve-icon NVD

Status : Received

Published: 2026-03-31T18:16:47.123

Modified: 2026-03-31T18:16:47.123

Link: CVE-2026-30282

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:50Z

Weaknesses