Nimbletech Ezcast_pro_dongle_ii_firmware
4 CVEs affecting Nimbletech Ezcast_pro_dongle_ii_firmware. Latest disclosed: 2026-01-27. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-24346 | Critical | 9.1 | 2026-01-27 | Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application |
CVE-2026-24345 | High | 8.8 | 2026-01-27 | Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI |
CVE-2026-24348 | Medium | 6.1 | 2026-01-27 | Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the brow… |
CVE-2026-24347 | Medium | 5.3 | 2026-01-27 | Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory |