CVE-2026-24347 – Improper input validation in the Admin UI of EZ... (How to Fix)

Q: What is the severity of CVE-2026-24347?

CVE-2026-24347 has a CVSS score of 5.3 (MEDIUM). Improper input validation in the Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory. This vulnerability affects systems running the vulnerable version of EZCast Pro II software.

📋 TL;DR

Improper input validation in the Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory. This vulnerability affects systems running the vulnerable version of EZCast Pro II software.

💻 Affected Systems

Products:

EZCast Pro II

Versions: Version 1.17478.146

Operating Systems: Linux-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Admin UI accessible and running the specific vulnerable version.

📦 What is this software?

Ezcast Pro Dongle Ii Firmware by Nimbletech

View all CVEs affecting Ezcast Pro Dongle Ii Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could overwrite critical system files, execute arbitrary code, or achieve privilege escalation by manipulating files in the /tmp directory.

🟠

Likely Case

Attackers can create, modify, or delete temporary files, potentially leading to denial of service or data corruption.

🟢

If Mitigated

With proper input validation and file permission controls, impact is limited to non-critical temporary file manipulation.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires access to the Admin UI interface and knowledge of the input validation flaw.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://hub.ntc.swiss/ntcf-2025-32806

Restart Required: Yes

Instructions:

1. Monitor vendor website for security updates. 2. Apply patch when available. 3. Restart affected services.

🔧 Temporary Workarounds

Restrict Admin UI Access

linux

Limit access to the Admin UI interface using firewall rules or network segmentation.

iptables -A INPUT -p tcp --dport [admin_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [admin_port] -j DROP

Secure /tmp Directory

linux

Apply stricter permissions and mount options to the /tmp directory to limit file manipulation.

chmod 1777 /tmp
mount -o remount,noexec,nosuid /tmp

🧯 If You Can't Patch

Implement network segmentation to isolate EZCast Pro II systems from critical infrastructure.
Deploy application firewalls to monitor and block suspicious Admin UI requests.

🔍 How to Verify

Check if Vulnerable:

Check the software version via Admin UI or system logs for version 1.17478.146.

Check Version:

grep -i version /var/log/ezcast.log || check Admin UI settings page

Verify Fix Applied:

Verify version has been updated beyond 1.17478.146 and test Admin UI input validation.

📡 Detection & Monitoring

Log Indicators:

Unusual file operations in /tmp directory
Multiple failed Admin UI login attempts
Suspicious Admin UI requests with file paths

Network Indicators:

Unusual traffic patterns to Admin UI port
Requests containing file manipulation patterns

SIEM Query:

source="ezcast.log" AND ("tmp" OR "file") AND ("create" OR "delete" OR "modify")

📊 Metadata

CVE ID: CVE-2026-24347

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-20

EPSS Score: 0.04% exploit probability (11.5th percentile)

Published: January 27, 2026

Last Updated: February 5, 2026

🔗 References

https://hub.ntc.swiss/ntcf-2025-32806 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-24347, you might also want to check these: