CVE-2026-24347
BaseFortify
Publication date: 2026-01-27
Last updated on: 2026-02-05
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimbletech | ezcast_pro_dongle_ii_firmware | 1.17478.146 |
| nimbletech | ezcast_pro_dongle_ii | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue in the Admin UI of the EZCast Pro II device (version 1.17478.146). It allows attackers to manipulate files in the /tmp directory, potentially leading to unauthorized file modifications or other malicious actions within that directory. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers with access to the Admin UI to manipulate files in the /tmp directory, which may lead to unauthorized changes or disruptions in the device's operation. This could compromise the device's integrity and potentially affect the network it is connected to. Since no patch is currently available, mitigations such as disconnecting the device from the local network and restricting its functionality are recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigations include disconnecting the EZCast Pro II dongle from the local network, restricting its use strictly to access point functionality to reduce the attack surface, and changing the default password. These steps are recommended as no firmware patch is currently available. [1]