What the vulnerability does
01Description
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
CVE-2026-24347
MEDIUM
CVE-2026-24347: Arbitrary file write to /tmp directory in EZCast Pro II Dongle
CVSS base score
5.7/10
CVSS vector
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U
Key dates
02Disclosure timeline
January 27, 2026
CVE published
January 27, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2020-11008 Malicious URLs can still cause Git to send a stored credential to the wrong server
CVE-2024-3747 Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block
CVE-2023-35136
CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
CVE-2025-25210
