MidnightBSD

Advisories for nimbletech

CVE-2026-24345

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI

Products Affected

Vendor Product Version
nimbletech ezcast_pro_dongle_ii_firmware 1.17478.146
CVE-2026-24346

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application

Products Affected

Vendor Product Version
nimbletech ezcast_pro_dongle_ii_firmware 1.17478.146
CVE-2026-24347

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory

Products Affected

Vendor Product Version
nimbletech ezcast_pro_dongle_ii_firmware 1.17478.146
CVE-2026-24348

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.

Products Affected

Vendor Product Version
nimbletech ezcast_pro_dongle_ii_firmware 1.17478.146