CVE-2026-24347: CWE-20 Improper Input Validation in EZCast EZCast Pro II
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory
AI Analysis
Technical Summary
CVE-2026-24347 is a vulnerability identified in EZCast Pro II version 1.17478.146, stemming from improper input validation (CWE-20) in the device's administrative user interface. Specifically, the flaw allows attackers who have high-level privileges to manipulate files within the /tmp directory. The /tmp directory is typically used for temporary file storage and can be leveraged by attackers to place or modify files that may influence the device's behavior or facilitate further attacks. The vulnerability does not require user interaction but does require the attacker to have authenticated access with high privileges, which limits exploitation to insiders or compromised accounts. The CVSS 4.0 vector indicates an adjacent-network attack vector (AV:A), high attack complexity (AC:H), high privileges required (PR:H), no user interaction (UI:N), and a high impact on confidentiality and integrity (CI:H). There is no impact on availability. No known exploits have been reported in the wild, and no patches are currently linked, suggesting the vendor may not have released a fix yet. The vulnerability was published on January 27, 2026, and assigned by NCSC.ch. The improper input validation could allow attackers to bypass security controls within the Admin UI, potentially leading to unauthorized file manipulation that could be used for privilege escalation or persistence.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of data managed or processed by EZCast Pro II devices. Since exploitation requires high-privilege authenticated access, the threat is more significant in environments where administrative credentials are weakly protected or where insider threats exist. Manipulation of files in the /tmp directory could enable attackers to implant malicious scripts or alter device behavior, potentially leading to further compromise of network segments or sensitive information leakage. Educational institutions, corporate meeting rooms, and other environments using EZCast Pro II for wireless display and collaboration may be affected. The impact is somewhat contained because high privileges are required and there is no known remote exploitation without authentication. However, if exploited, it could facilitate lateral movement or persistence within a network, increasing the risk of broader compromise. The lack of a patch increases the urgency for interim mitigations. The medium severity rating reflects a moderate risk that should not be ignored, especially in regulated sectors or organizations with high security standards.
Mitigation Recommendations
1. Restrict administrative access to EZCast Pro II devices strictly to trusted personnel and secure accounts with strong, unique passwords and multifactor authentication where possible.
2. Monitor and audit access logs to detect any unauthorized or unusual administrative activity.
3. Implement network segmentation to isolate EZCast devices from critical infrastructure and sensitive data repositories.
4. Regularly monitor the /tmp directory on affected devices for unexpected or unauthorized file changes using file integrity monitoring tools.
5. Apply vendor patches promptly once they become available; engage with EZCast support to obtain updates or workarounds.
6. Consider disabling or limiting the Admin UI access to trusted networks or via VPN to reduce exposure.
7. Educate administrators about the risks of improper input validation vulnerabilities and the importance of credential security.
8. If patching is delayed, consider temporary compensating controls such as restricting device usage or replacing vulnerable devices in high-risk environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: NCSC.ch
- Date Reserved: 2026-01-22T12:55:22.578Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69788a804623b1157c156bd6
Added to database: 1/27/2026, 9:50:56 AM
Last enriched: 1/27/2026, 10:06:06 AM
Last updated: 2/7/2026, 12:00:56 AM