CVE-2026-24345

HIGH

EZCast Pro II <1.17478.146 - CSRF

Title source: llm

Description

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI

References (1)

[Third Party Advisory] https://hub.ntc.swiss/ntcf-2025-32832

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 6.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352 CWE-20

Status published

Affected Products (1)

nimbletech/ezcast_pro_dongle_ii_firmware

Timeline

Published Jan 27, 2026

Tracked Since Feb 18, 2026