CVE-2026-30282
Arbitrary File Overwrite in Cast to TV Screen Mirroring Leads to Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uxgroupllc | cast_to_tv | 2.2.77 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30282 is an arbitrary file overwrite vulnerability in the UXGROUP LLC Cast to TV Screen Mirroring app version 2.2.77. It arises from insufficient security validation during the file import process, allowing attackers to use crafted file paths with directory traversal techniques to overwrite critical internal files.
This flaw enables attackers to gain unauthorized access to sensitive files stored in the appβs internal storage and potentially execute arbitrary code or expose information.
The exploit can be triggered automatically without complex user interaction, by opening a malicious app that leverages this vulnerability.
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including arbitrary code execution and sensitive information exposure.
- Attackers can overwrite critical internal files, potentially compromising the appβs integrity and functionality.
- Sensitive data stored within the app can be accessed and leaked by attackers.
- The leaked data can be written to shared external storage, making it accessible to other apps and increasing the risk of account hijacking.
- The attack requires minimal user interaction and can be triggered automatically, increasing the risk of exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring the behavior of the "Cast to TV - Screen Mirroring" app, specifically version 2.2.77 by UXGROUP LLC, for unauthorized file import activities that use directory traversal techniques.
Since the vulnerability allows arbitrary file overwrite via crafted file paths during the file import process, detection can focus on identifying unusual file system changes or suspicious file import operations within the app's internal storage.
Commands to detect suspicious activity might include:
- On a device with access to the app's storage, use file integrity monitoring tools or commands like `find` to detect recently modified or unexpected files in the app's internal storage directories.
- Use `logcat` (on Android devices) to monitor app logs for unusual file import or error messages related to file path handling.
- Network monitoring tools can be used to detect unexpected outbound connections from the device to unknown servers, as the exploit involves exfiltrating data to attacker-controlled servers.
- Example command to find recently modified files in the app's internal storage (assuming access): `find /data/data/ai.chatbot.alpha.chatapp/ -type f -mtime -1`
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Uninstall or disable the vulnerable version (2.2.77) of the "Cast to TV - Screen Mirroring" app until a patched version is available.
- Restrict file import functionality or avoid importing files from untrusted sources to prevent exploitation via crafted file paths.
- Monitor app permissions and restrict access to internal storage where possible.
- Use mobile device management (MDM) solutions to control app installations and updates.
- Keep the device's operating system and security patches up to date to reduce the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to sensitive files stored in the appβs internal storage and leads to sensitive information leakage. This exposure of sensitive data can result in violations of data protection regulations such as GDPR and HIPAA, which mandate strict controls over personal and sensitive information to prevent unauthorized disclosure.
Because the exploit can lead to account hijacking and data exfiltration without complex user interaction, it increases the risk of non-compliance with standards requiring data confidentiality and integrity.