CVE-2025-13955
9.3
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/AU:Y/RE:L
Summary
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| EZCast | EZCast Pro II | 0 < 1.17478.177 | affected |
Weaknesses
- CWE-330: CWE-330 Use of Insufficiently Random Values
Workarounds
Until a firmware patch is made available by the vendor, all users are advised to change the default password in the management UI.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/cvd-cases/cvd-case-1-test.html
- https://www.nimbletech.com.tw/index.php/release-note/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.