Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory

Multiple vulnerabilities have been identified in the EZCast Pro II Dongle from NimbleTech. A comprehensive list of all related vulnerabilities for this device can be found on the NTC vulnerability hub.

Mitigation

As the vendor has not yet been able to provide patches, we strongly recommend following the corresponding warning issued by the National Cyber Security Centre NCSC. Until a firmware patch is made available, users are advised to take the following immediate actions:

• Disconnect the dongle from the local network.
• Limit usage strictly to access point functionality to minimize the attack surface.
• Change the default password.

Disclosure Policy

In accordance with the NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case by case basis. Please use the contact form and provide an explanation for your request.

Summary Report

The NTC will shortly publish a summary report on the security of peripheral devices.

References

• CVE-2026-24347
• NCSC CVD case