CVE-2026-24348

High CVSS: 7.4

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.

Vendor

Nimbletech

Product

Ezcast Pro Dongle Ii Firmware

CWE

CWE-20

Yayın Tarihi

2026-01-27 10:15:49

Güncelleme

2026-02-05 17:24:11

Source Identifier

vulnerability@ncsc.ch

KEV Date Added

Kategoriler

CWE-20 Ezcast Pro Dongle Ii Firmware HIGH Nimbletech 2026

Referanslar

https://hub.ntc.swiss/ntcf-2025-145332

Benzer Kayıtlar

High

CVE-2026-24346

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protec…

Medium

CVE-2026-24347

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /…

Medium

CVE-2026-24345

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization che…