CVE-2026-24348

6.1 MEDIUM

📋 TL;DR

Multiple cross-site scripting vulnerabilities in the Admin UI of EZCast Pro II allow attackers to inject and execute arbitrary JavaScript code in other administrators' browsers. This affects administrators who access the vulnerable Admin UI interface. Attackers could steal session cookies, perform actions as the administrator, or redirect users to malicious sites.

💻 Affected Systems

Products:
  • EZCast Pro II
Versions: 1.17478.146
Operating Systems: Any OS running the EZCast Pro II software
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Admin UI interface. Regular user interfaces may not be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of admin accounts leading to device takeover, data theft, or deployment of malware to connected systems.

🟠 Likely Case: Session hijacking allowing unauthorized access to admin functions, configuration changes, or credential theft.

🟢 If Mitigated: Limited impact if proper network segmentation, admin access controls, and input validation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to trick an administrator into visiting a malicious link or interacting with crafted content in the Admin UI.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://hub.ntc.swiss/ntcf-2025-145332

Restart Required: No

Instructions:

1. Monitor vendor website for security updates.
2. Apply patch when available.
3. Verify fix by testing XSS payloads in Admin UI fields.

🔧 Temporary Workarounds

Implement Content Security Policy (applies to: all)

Add CSP headers to restrict script execution sources: add the header "Content-Security-Policy: default-src 'self'; script-src 'self'" to the web server's responses.

Restrict Admin UI Access (applies to: all)

Limit Admin UI access to trusted IP addresses only: configure firewall rules to allow only specific IPs to reach the Admin UI port.

🧯 If You Can't Patch

  • Isolate EZCast Pro II on separate VLAN with strict access controls
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Test Admin UI input fields with basic XSS payloads like <script>alert('test')</script>

Check Version:

Check Admin UI interface or device settings for version information

Verify Fix Applied:

Retest with XSS payloads after applying fixes; scripts should not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login locations
  • Multiple failed login attempts followed by successful login
  • Admin actions from unexpected user agents

Network Indicators:

  • HTTP requests containing script tags or JavaScript in query parameters
  • Unusual outbound connections from admin workstations

SIEM Query:

source="ezcast_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
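The SIEM query above matches the indicator strings literally, so a payload that arrives percent-encoded in the request path (the usual case for reflected input) slips past it. The following script is an added example, not part of this advisory and not EZCast code: it scans access-log lines in an assumed combined log format (constructed sample lines, not the device's real log format), URL-decodes the path and referer a few times, and reports the same indicators as the query. It broadens "<script>" to "<script" so tags with attributes are also caught.

```python
"""Scan web-server access logs for the XSS indicators listed above.

Assumptions (not from the advisory): an Apache/Nginx-style combined log
format, and the constructed sample lines below. Decoding the request path
before matching is the point of the example; the raw SIEM query only sees
the literal strings.
"""
import re
from urllib.parse import unquote

# Indicator strings from the SIEM query; "<script>" broadened to "<script"
# so that "<script src=...>" is also caught. Matched case-insensitively.
XSS_INDICATORS = ("<script", "javascript:", "onerror=", "onload=")

# Literal terms exactly as the SIEM query above writes them
SIEM_TERMS = ("<script>", "javascript:", "onerror=", "onload=")

# Combined log format: client - - [timestamp] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (hypothetical IPs, paths and payloads)
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "GET /admin/settings HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2026:10:02:15 +0000] "GET /admin/name?val=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2026:10:02:40 +0000] "GET /admin/device?desc=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Mar/2026:10:03:01 +0000] "GET /admin/redirect?url=javascript:alert(1) HTTP/1.1" 302 0 "-" "curl/8.0"',
    'this line is not in combined log format and is skipped',
]


def decode_fully(value, rounds=3):
    """URL-decode up to `rounds` times so double-encoded payloads surface."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_indicators(text):
    """Return the indicator strings present in `text` after decoding."""
    lowered = decode_fully(text).lower()
    return [ind for ind in XSS_INDICATORS if ind in lowered]


def siem_query_matches(line):
    """Replicates the literal SIEM query: no decoding, raw substring match."""
    return any(term in line for term in SIEM_TERMS)


def scan_access_log(lines):
    """Return one finding per parseable request whose path or referer
    carries an XSS indicator; unparseable lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        hits = find_indicators(m["path"] + " " + m["referer"])
        if hits:
            findings.append({
                "client": m["client"],
                "ts": m["ts"],
                "path": m["path"],
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} {f['path']} -> {', '.join(f['indicators'])}")
```

Run it against the constructed lines and only the three encoded or inline payloads are reported; the literal SIEM query misses both percent-encoded ones. In practice, feed it the device's or reverse proxy's real access log and correlate hits with the admin-session indicators listed above.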

🔗 References
