CVE-2025-13955
Deferred Deferred - Pending Action

BaseFortify

Vulnerability report for CVE-2025-13955, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2026-05-28

Assigner: Switzerland Government Common Vulnerability Program

Description

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2026-05-28
Generated
2026-07-06
AI Q&A
2025-12-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ezcast pro_ii 1.17478.146

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves a predictable default Wi-Fi password in the Access Point functionality of EZCast Pro II version 1.17478.146. Attackers within Wi-Fi range can calculate the default password by using observable device identifiers, allowing them to gain unauthorized access to the dongle.

Impact Analysis

An attacker within Wi-Fi range can gain unauthorized access to the EZCast Pro II dongle by calculating its default Wi-Fi password. This can lead to unauthorized use or control of the device, potential data interception, or further network compromise.

Detection Guidance

This vulnerability can be detected by identifying EZCast Pro II dongles operating in Access Point mode within your Wi-Fi range and checking if they use the predictable default Wi-Fi password. Since the password is derived from observable device identifiers, monitoring Wi-Fi networks for SSIDs or devices matching EZCast Pro II dongles and attempting to calculate or test the default password can help detect vulnerable devices. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include disconnecting the EZCast Pro II dongle from local networks, restricting its use to Access Point mode only, and changing the default Wi-Fi password to a non-predictable one. Since no firmware patch is currently available, these measures reduce the attack surface and help prevent unauthorized access. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13955. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart