Cross-Site Request Forgery in Admin UI of EZCast Pro II allows attackers to bypass authorization checks and gain full access to the admin UI

Multiple vulnerabilities have been identified in the EZCast Pro II Dongle from NimbleTech. A comprehensive list of all related vulnerabilities for this device can be found on the NTC vulnerability hub.

Mitigation

As the vendor has not yet been able to provide patches, we strongly recommend following the corresponding warning issued by the National Cyber Security Centre NCSC. Until a firmware patch is made available, users are advised to take the following immediate actions:

• Disconnect the dongle from the local network.
• Limit usage strictly to access point functionality to minimize the attack surface.
• Change the default password.

Disclosure Policy

In accordance with the NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case by case basis. Please use the contact form and provide an explanation for your request.

Acknowledgement

The NTC appreciates the valuable contribution of Redguard AG during the exchange regarding this vulnerability.

Summary Report

The NTC will shortly publish a summary report on the security of peripheral devices.

References

• CVE-2026-24345
• NCSC CVD case