{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24347", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-01-22T12:55:22.578Z", "datePublished": "2026-01-27T09:22:38.550Z", "dateUpdated": "2026-01-27T14:53:25.851Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "EZCast Pro II", "vendor": "EZCast", "versions": [{"status": "affected", "version": "1.17478.146"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Swiss National Test Institute for Cybersecurity NTC"}, {"lang": "en", "type": "coordinator", "value": "Swiss National Cybersecurity Centre"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory"}], "value": "Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.7, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-01-27T09:22:38.550Z"}, "references": [{"url": "https://hub.ntc.swiss/ntcf-2025-32806"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary file write to /tmp directory in EZCast Pro II Dongle", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:50:04.082901Z", "id": "CVE-2026-24347", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:53:25.851Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T14:50:04.082901Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:51:02.520Z"}}], "cna": {"title": "Arbitrary file write to /tmp directory in EZCast Pro II Dongle", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Swiss National Test Institute for Cybersecurity NTC"}, {"lang": "en", "type": "coordinator", "value": "Swiss National Cybersecurity Centre"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.7, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EZCast", "product": "EZCast Pro II", "versions": [{"status": "affected", "version": "1.17478.146"}], "defaultStatus": "affected"}], "references": [{"url": "https://hub.ntc.swiss/ntcf-2025-32806"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory", "supportingMedia": [{"type": "text/html", "value": "Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-01-27T09:22:38.550Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24347", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:53:25.851Z", "dateReserved": "2026-01-22T12:55:22.578Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-01-27T09:22:38.550Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nimbletech:ezcast_pro_dongle_ii_firmware:1.17478.146:*:*:*:*:*:*:*", "matchCriteriaId": "D9C1B80A-D748-40B9-B2FB-476107B3D705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nimbletech:ezcast_pro_dongle_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "0621F0E0-6ABB-46E2-8E85-22C8695ACE87", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory"}], "id": "CVE-2026-24347", "lastModified": "2026-02-05T17:31:57.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-01-27T10:15:49.220", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Third Party Advisory"], "url": "https://hub.ntc.swiss/ntcf-2025-32806"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:50:45.228874+00:00", "value": {"mitigation_remediation": ["Upgrade the EZCast Pro II dongle firmware to a version that includes the fix for the /tmp file write issue.", "Restrict administrative UI access to trusted local networks or specific IP ranges to minimize the attack surface.", "If firmware upgrade is not immediately possible, disable remote administration features or block access to the Admin UI port through the network firewall."], "summary": {"action": "Apply Patch", "impact": "Arbitrary file write"}, "threat_synthesis": {"affected_systems": "The affected system is the EZCast Pro II dongle, specifically firmware version 1.17478.146. No other versions are listed as affected in the input.", "description_and_impact": "Improper input validation in the Admin UI of EZCast Pro II allows an attacker to manipulate files within the /tmp directory. This flaw is represented by CWE\u201120 Input Validation errors. The vulnerability could enable an attacker to create or overwrite files in a temporary location, potentially affecting configuration or execution of subsequent processes. The CVSS score of 5.7 indicates moderate severity, with no indication of remote code execution from the provided description.", "risk_and_exploitability": "The CVSS score of 5.7 combined with an EPSS score of less than 1% suggests the risk is moderate but the exploitation probability is low. The vulnerability is not listed in the KEV catalog. The likely attack vector is through the Admin UI interface, which may be reachable over the local network or exposed externally \u2013 this is inferred from the description of an Admin UI issue. No additional exploitation conditions are provided in the data."}}}}, "created": "2026-01-27T20:17:21.044918+00:00", "updated": "2026-04-18T15:00:03.442088+00:00", "vendors": ["actions-micro", "actions-micro$PRODUCT$ezcast_pro_ii", "actions-micro$PRODUCT$ezcast_pro_ii_firmware"]}