Security Vulnerability Advisory
-------------------------------

CVE: CVE-2019-12307
Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_csrf-cve-2019-12307.txt

Title
-----

Multiple Cross-Site Request Forgery

Overview
--------

The EZCast administration panel has no protection against CSRF. This allows the
configuration of the device to be changed transparently from another web page.

Affected Products
-----------------

- EZCast Pro II

Details
-------

A CSRF attack allows a website to make requests to another website by using an
unknowing user as a pivot. In this case it means that a user connected to the
EZCast can unknowingly change its settings by visiting a malicious web page
prepared by an attacker.

This is possible because all settings requests are entirely predictable.
Furthermore, the attack is made easier by the fact that these requests are
unauthenticated and that POST and GET arguments are interchangeable.

In particular it is possible to change the network settings or the admin
password of the EZCast simply by visiting a web page. The user visiting that
page must however be connected to the EZCast, which assumes local access.

CVSSv3 Overall Score: 7.4
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

Solution
--------

As of 08/04/2019, EZCast declared that a firmware upgrade fixing this issue is
available "over-the-air". Make sure to upgrade the firmware using your
preferred app from EZCast; see the Support section:
https://ezcast-pro.com/ezcast-pro/pro2/

Credits
-------

This vulnerability was discovered by Cédric Picard from digital.security
Luxembourg and Pieterjan Denys from digital.security Belgium.
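As an added illustration, not code from the advisory or from EZCast, the following Python shows the server-side checks whose absence the Details section describes: state changes accepted only over POST (query-string arguments ignored), an authenticated session, a same-origin check, and an unpredictable per-session token. The Request and Session classes, the /cgi-bin/set path and the 192.168.203.1 address are constructed placeholders, not the device's real interface.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed placeholder for the device's own origin; not from the advisory.
TRUSTED_ORIGIN = "http://192.168.203.1"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request to the admin panel (constructed)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    args: dict = field(default_factory=dict)   # query-string parameters
    form: dict = field(default_factory=dict)   # POST body parameters


@dataclass
class Session:
    authenticated: bool
    csrf_token: str


def new_session(authenticated: bool) -> Session:
    # 256-bit random token: a forged page cannot predict it.
    return Session(authenticated, secrets.token_urlsafe(32))


def validate_settings_change(req: Request, session: Session) -> list:
    """Return the reasons a settings-change request must be rejected.

    An empty list means accept. Each check closes one weakness named in the
    advisory: predictable requests, missing authentication, GET/POST parity.
    """
    reasons = []
    # 1. State changes only over POST, and never from the query string, so a
    #    link or <img src=...> planted on another page cannot change settings.
    if req.method != "POST":
        reasons.append("state change requires POST")
    if req.args:
        reasons.append("settings must not be passed in the query string")
    # 2. The request must belong to an authenticated admin session.
    if not session.authenticated:
        reasons.append("unauthenticated")
    # 3. Origin (or Referer as fallback) must be the device itself.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(TRUSTED_ORIGIN):
        reasons.append("cross-site origin")
    # 4. Per-session anti-CSRF token, compared in constant time.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), session.csrf_token):
        reasons.append("missing or wrong CSRF token")
    return reasons
```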
Revision History
----------------

Revision 0.1: 05/14/2019 / Initial release
Revision 1.0: 04/29/2020 / Advisory publication

Timeline
--------

2019.04.19 Vulnerability found during client audit - that client is informed
2019.05.14 Vulnerability reported to CERT-DS
2019.05.23 Vulnerability reported to EZCast
2020.04.29 Advisory publication

References
----------

https://www.ezcast.com/product/ezcast/pro/dongle2