CVE-2025-13955
📋 TL;DR
This vulnerability allows attackers within Wi-Fi range to calculate the default password for EZCast Pro II dongles using observable device identifiers. Attackers can gain unauthorized access to the device's access point functionality. Only users of EZCast Pro II version 1.17478.146 with default Wi-Fi settings are affected.
💻 Affected Systems
- EZCast Pro II
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of the dongle, potentially intercepting or manipulating casted content, accessing connected networks, or using the device as an entry point to internal networks.
Likely Case
Unauthorized users connect to the dongle's Wi-Fi network, disrupting legitimate casting sessions or accessing limited device functionality.
If Mitigated
No impact if custom Wi-Fi passwords are used or if the device is not in Wi-Fi access point mode.
🎯 Exploit Status
Attack requires physical proximity to Wi-Fi signal and knowledge of the password calculation algorithm. No authentication needed to attempt connection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/cvd-cases/cvd-case-1-test.html
Restart Required: No
Instructions:
No official patch available. Refer to workarounds section for mitigation steps.
🔧 Temporary Workarounds
Change Default Wi-Fi Password
Set a strong, unique password for the dongle's Wi-Fi access point functionality.
- Connect to the EZCast Pro II Wi-Fi network
- Access the web interface (typically 192.168.203.1)
- Navigate to the Wi-Fi settings
- Change the password to a strong random value
Disable Wi-Fi Access Point Mode
Use alternative connection methods (HDMI, wired network) instead of the Wi-Fi access point.
- Access the device settings
- Disable the 'Wi-Fi AP' or 'Hotspot' functionality
🧯 If You Can't Patch
- Physically secure devices to prevent unauthorized proximity access
- Segment network to isolate EZCast devices from sensitive systems
🔍 How to Verify
Check if Vulnerable:
Check whether the device is still using the default Wi-Fi password by attempting to calculate the password from the MAC address or device identifier visible in the Wi-Fi network name.
Check Version:
Check the device firmware version in the web interface at 192.168.203.1 or on the device display.
Verify Fix Applied:
Attempt to connect to the device's Wi-Fi using the calculated default password; the attempt should fail if the device has been properly mitigated.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed Wi-Fi connection attempts
- Unexpected devices connected to EZCast Wi-Fi network
Network Indicators:
- Unusual traffic from EZCast device
- Multiple MAC addresses attempting connections
SIEM Query:
source="ezcast" AND (event_type="auth_failure" OR event_type="new_connection")
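As an added defender-side example (not part of this advisory and not vendor tooling), the script below applies the log and network indicators listed above to a few constructed access-point log lines: it flags bursts of failed association attempts, counts how many distinct client MACs took part in each burst, and reports successful connections from clients that are not on an allowlist of known devices. The log format, the field names (chosen to mirror the `source` and `event_type` fields of the SIEM query), the two-minute window, the threshold of five failures and every MAC address in it are assumptions for this example.

```python
"""Apply the CVE-2025-13955 detection indicators to EZCast-style AP logs.

Assumed (constructed) log format, one event per line:
  <ISO timestamp> source=ezcast ap=<AP MAC> event_type=<auth_failure|new_connection> client=<client MAC>
"""
import re
from datetime import datetime, timedelta

# Constructed sample log: one legitimate session, a burst of failed
# association attempts from several client MACs, one of which then
# succeeds, a single benign typo from a known device, and a malformed line.
SAMPLE_LOG = """\
2025-01-10T09:00:01 source=ezcast ap=AA:BB:CC:00:11:22 event_type=new_connection client=10:20:30:40:50:60
2025-01-10T09:05:10 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=DE:AD:BE:EF:00:01
2025-01-10T09:05:12 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=DE:AD:BE:EF:00:02
2025-01-10T09:05:15 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=DE:AD:BE:EF:00:03
2025-01-10T09:05:20 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=DE:AD:BE:EF:00:01
2025-01-10T09:05:25 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=DE:AD:BE:EF:00:04
2025-01-10T09:05:40 source=ezcast ap=AA:BB:CC:00:11:22 event_type=new_connection client=DE:AD:BE:EF:00:04
garbage line that should be ignored
2025-01-10T09:30:00 source=ezcast ap=AA:BB:CC:00:11:22 event_type=auth_failure client=AA:11:22:33:44:55
2025-01-10T09:30:05 source=ezcast ap=AA:BB:CC:00:11:22 event_type=new_connection client=AA:11:22:33:44:55
"""

# Assumed inventory of devices that are allowed to cast to this dongle.
KNOWN_CLIENTS = {"10:20:30:40:50:60", "AA:11:22:33:44:55"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit the format."""
    line = line.strip()
    m = LINE_RE.match(line) if line else None
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None  # first token is not a timestamp: not one of our events
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    if fields.get("source") != "ezcast" or "event_type" not in fields or "client" not in fields:
        return None
    return {
        "ts": ts,
        "ap": fields.get("ap"),
        "event_type": fields["event_type"],
        "client": fields["client"].upper(),  # normalise MAC case for comparisons
    }


def find_failure_bursts(events, window=timedelta(minutes=2), threshold=5):
    """Return non-overlapping windows holding at least `threshold` auth failures.

    Each burst records how many failures it contains and how many distinct
    client MACs were involved (the "multiple MAC addresses" indicator).
    """
    failures = sorted((e for e in events if e["event_type"] == "auth_failure"), key=lambda e: e["ts"])
    bursts = []
    i = 0
    while i < len(failures):
        j = i
        while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
            j += 1
        group = failures[i:j]
        if len(group) >= threshold:
            bursts.append({
                "start": group[0]["ts"],
                "end": group[-1]["ts"],
                "failures": len(group),
                "distinct_clients": len({e["client"] for e in group}),
            })
            i = j  # skip past this window so it is reported once
        else:
            i += 1
    return bursts


def find_unexpected_clients(events, allowlist):
    """Return client MACs that connected successfully but are not in the allowlist."""
    allowed = {mac.upper() for mac in allowlist}
    return {e["client"] for e in events if e["event_type"] == "new_connection" and e["client"] not in allowed}


def analyze(log_text, allowlist):
    """Run both checks over a block of log text and summarise the findings."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return {
        "events": len(events),
        "failure_bursts": find_failure_bursts(events),
        "unexpected_clients": find_unexpected_clients(events, allowlist),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, KNOWN_CLIENTS)
    print(f"parsed events: {report['events']}")
    for b in report["failure_bursts"]:
        print(f"failure burst {b['start']}..{b['end']}: {b['failures']} failures from {b['distinct_clients']} clients")
    for mac in sorted(report["unexpected_clients"]):
        print(f"unexpected client connected: {mac}")
```

The burst check is deliberately a non-overlapping sliding window so one probing episode produces one alert rather than one per failure; tune the window and threshold to the normal typo rate on the network. An allowlist of known client MACs is only a coarse control, since MACs are spoofable, but it is enough to surface the "unexpected devices connected" indicator without any vendor-side logging support.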