CVE-2026-24345
Severity: HIGH (CVSS 8.8)
WAF: Medium
Published: 2026-01-27
CWE-20, CWE-352
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
- 920xxx - Protocol Enforcement
- 941xxx - XSS / XXE
- 942xxx - SQL Injection
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nimbletech | ezcast_pro_dongle_ii_firmware | 1.17478.146 |
References
- hub.ntc.swiss (Third Party Advisory)