Description
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw allows an attacker to overwrite arbitrary internal files during the application's file import routine. By replacing critical files, the attacker can execute code of their choosing or expose sensitive information. The weakness is classified as CWE-22 (path traversal) and CWE-73 (external control of file name or path), indicating that file paths handled during import are not properly validated or constrained.

Affected Systems

The vulnerability affects the UXGROUP LLC Cast to TV Screen Mirroring application, version 2.2.77, which runs on Android devices. No other product or version information was provided.

Risk and Exploitability

With a CVSS score of 9, the flaw is rated Critical. The EPSS score is less than 1%, suggesting that exploitation activity is low, but the potential for remote code execution remains serious. The likely attack vector is remote: delivering a specially crafted file through the import feature, probably over a local network or via an untrusted file source, though the exact delivery method is not detailed in the description. The absence of a listing in the CISA KEV catalog does not diminish the inherent risk of this remote code execution capability.

Generated by OpenCVE AI on April 7, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor‑supplied patch for Cast to TV Screen Mirroring.
  • If a patch is not yet available, update to a newer version after verifying compatibility, or contact the vendor for a fix.
  • Disable or restrict the file import functionality on devices where it is not needed or limit it to trusted users.
  • Monitor device logs for unexpected file modifications or signs of injection attempts.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in UXGROUP Cast to TV Screen Mirroring v2.2.77 Enables Remote Code Execution

Tue, 07 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Uxgroupllc
Uxgroupllc cast To Tv
CPEs cpe:2.3:a:uxgroupllc:cast_to_tv:2.2.77:*:*:*:*:android:*:*
Vendors & Products Uxgroupllc
Uxgroupllc cast To Tv

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Uxgroup
Uxgroup cast To Tv Screen Mirroring
Vendors & Products Uxgroup
Uxgroup cast To Tv Screen Mirroring

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in UXGROUP Cast to TV Screen Mirroring v2.2.77 Enables Remote Code Execution

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CWE-73
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T17:38:48.635Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30282

Vulnrichment

Updated: 2026-03-31T17:34:30.306Z

NVD

Status: Analyzed

Published: 2026-03-31T18:16:47.123

Modified: 2026-04-07T21:00:07.770

Link: CVE-2026-30282

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:00:30Z

Weaknesses