{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24344", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-01-22T12:55:22.577Z", "datePublished": "2026-01-27T09:04:34.750Z", "dateUpdated": "2026-01-27T14:25:06.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "EZCast Pro II", "vendor": "EZCast", "versions": [{"status": "affected", "version": "1.17478.146"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Swiss National Test Institute for Cybersecurity NTC"}, {"lang": "en", "type": "coordinator", "value": "Swiss National Cybersecurity Centre"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution"}], "value": "Multiple\u00a0Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}, {"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.3, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-01-27T09:04:34.750Z"}, "references": [{"url": "https://hub.ntc.swiss/ntcf-2025-68873"}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple Buffer Overflows in EZCast Pro II Dongle", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Until a firmware patch is made available by the vendor, users are advised to disconnect the dongle from their local network and limit its use strictly to Access Point functionality to minimize the attack surface."}], "value": "Until a firmware patch is made available by the vendor, users are advised to disconnect the dongle from their local network and limit its use strictly to Access Point functionality to minimize the attack surface."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:24:24.341887Z", "id": "CVE-2026-24344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:25:06.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T14:24:24.341887Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:24:43.116Z"}}], "cna": {"title": "Multiple Buffer Overflows in EZCast Pro II Dongle", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Swiss National Test Institute for Cybersecurity NTC"}, {"lang": "en", "type": "coordinator", "value": "Swiss National Cybersecurity Centre"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}, {"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.3, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EZCast", "product": "EZCast Pro II", "versions": [{"status": "affected", "version": "1.17478.146"}], "defaultStatus": "affected"}], "references": [{"url": "https://hub.ntc.swiss/ntcf-2025-68873"}], "workarounds": [{"lang": "en", "value": "Until a firmware patch is made available by the vendor, users are advised to disconnect the dongle from their local network and limit its use strictly to Access Point functionality to minimize the attack surface.", "supportingMedia": [{"type": "text/html", "value": "Until a firmware patch is made available by the vendor, users are advised to disconnect the dongle from their local network and limit its use strictly to Access Point functionality to minimize the attack surface.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Multiple\u00a0Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution", "supportingMedia": [{"type": "text/html", "value": "Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-01-27T09:04:34.750Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24344", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:25:06.534Z", "dateReserved": "2026-01-22T12:55:22.577Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-01-27T09:04:34.750Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple\u00a0Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution"}], "id": "CVE-2026-24344", "lastModified": "2026-01-27T14:59:34.073", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-01-27T09:15:48.767", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://hub.ntc.swiss/ntcf-2025-68873"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"created": "2026-01-27T20:16:48.906897+00:00", "updated": "2026-01-27T20:16:48.906923+00:00", "vendors": ["actions-micro", "actions-micro$PRODUCT$ezcast_pro_ii", "actions-micro$PRODUCT$ezcast_pro_ii_firmware"]}