CVE-2026-24345

8.8 HIGH

📋 TL;DR

This Cross-Site Request Forgery vulnerability in the EZCast Pro II admin interface allows attackers to trick authenticated administrators into executing unauthorized actions. Attackers can bypass authorization checks and gain full administrative access to the device. Organizations using EZCast Pro II version 1.17478.146 are affected.

💻 Affected Systems

Products:
  • EZCast Pro II
Versions: 1.17478.146
Operating Systems: Embedded OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with admin UI accessible and admin sessions active. The vulnerability is in the web-based administration interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the EZCast Pro II device, allowing attackers to reconfigure settings, intercept presentations, install malicious firmware, or use the device as a pivot point into internal networks.

🟠

Likely Case

Unauthorized administrative access leading to presentation hijacking, device configuration changes, or disruption of presentation services.

🟢

If Mitigated

Limited impact with proper network segmentation and admin user awareness training, though CSRF protection bypass remains a concern.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into visiting a malicious webpage. No authentication bypass needed beyond CSRF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://hub.ntc.swiss/ntcf-2025-32832

Restart Required: No

Instructions:

1. Monitor the vendor website for security updates.
2. Check for firmware updates in the device admin UI.
3. Apply any available patches immediately.

🔧 Temporary Workarounds

Implement CSRF Tokens (all)

Add anti-CSRF tokens to all admin UI forms and validate them server-side.

Restrict Admin UI Access (all)

Limit access to the admin interface to specific IP addresses or VLANs.

🧯 If You Can't Patch

  • Segment EZCast Pro II devices on isolated network segments
  • Require admins to use separate browser profiles and log out after each session

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version in the admin UI under System Information. If the version is exactly 1.17478.146, the device is vulnerable.

Check Version:

Open http://[device-ip]/admin in a web browser, then navigate to System Information.

Verify Fix Applied:

Verify firmware version has changed from 1.17478.146 after applying vendor patch.

📡 Detection & Monitoring

Log Indicators:

  • Multiple admin actions from unexpected IP addresses
  • Configuration changes without corresponding admin logins

Network Indicators:

  • HTTP POST requests to admin endpoints without Referer headers
  • Admin UI requests from non-admin network segments

SIEM Query:

source="ezcast-pro-ii" AND (action="admin_change" OR endpoint="/admin/") AND NOT src_ip IN admin_ip_list
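The log and network indicators above, together with the SIEM query, can be exercised offline with a small checker. This is an added example, not part of the advisory: it runs over constructed access-log lines in an assumed format and assumes an admin VLAN of 192.168.10.0/24 and a device address of 192.168.10.20.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (not from a real device):
# src_ip "METHOD path proto" status "referer"
SAMPLE_LOGS = [
    '192.168.10.5 "POST /admin/config HTTP/1.1" 200 "http://192.168.10.20/admin/"',
    '10.0.44.9 "POST /admin/config HTTP/1.1" 200 "-"',
    '192.168.10.5 "POST /admin/users HTTP/1.1" 200 "http://attacker.example/page"',
    '10.0.44.9 "GET /admin/ HTTP/1.1" 200 "http://192.168.10.20/admin/"',
    '192.168.10.5 "GET /admin/ HTTP/1.1" 200 "-"',
]

# Assumed values: the admin_ip_list from the SIEM query and the device's own address.
ADMIN_NETS = [ipaddress.ip_network("192.168.10.0/24")]
DEVICE_HOSTS = {"192.168.10.20"}
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" \d+ "([^"]*)"$')


def classify(line):
    """Return the list of indicator matches for one admin-UI log line.

    None means the line is not an admin-UI request; [] means it looks clean.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    src, method, path, referer = m.groups()
    if not path.startswith("/admin"):
        return None
    reasons = []
    # Indicator: admin UI request from a non-admin network segment.
    if not any(ipaddress.ip_address(src) in net for net in ADMIN_NETS):
        reasons.append("src not in admin_ip_list")
    if method == "POST":
        # Indicator: state-changing request without a Referer. Browsers and
        # privacy settings can strip Referer, so treat this as a lead, not proof.
        if referer in ("", "-"):
            reasons.append("POST without Referer")
        # A Referer from a host other than the device points at a cross-site origin.
        elif urlsplit(referer).hostname not in DEVICE_HOSTS:
            reasons.append("cross-site Referer")
    return reasons


def find_suspicious(lines):
    """Return (line, reasons) for every line that matches at least one indicator."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((line, reasons))
    return hits
```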
