CVE-2026-24344
Buffer Overflow in EZCast Pro II Admin UI Enables Remote Code Execution
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimbletech | ezcast_pro_ii | 1.17478.146 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24344 involves multiple buffer overflow vulnerabilities in the Admin UI of the EZCast Pro II dongle by NimbleTech. These vulnerabilities allow attackers to cause program crashes and potentially execute remote code on the affected device, specifically version 1.17478.146. [1]
How can this vulnerability impact me? :
This vulnerability can lead to program crashes and potentially allow attackers to execute remote code on the EZCast Pro II device. This could compromise the device's security, potentially allowing unauthorized control or disruption of its functions. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disconnecting the EZCast Pro II dongle from local networks, restricting its use strictly to access point functionality to reduce the attack surface, and changing the default password. [1]