Security Vulnerability Advisory
-------------------------------
CVE: CVE-2019-12306
Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_unauthenticated_settings_modification-cve-2019-12306.txt


Title
-----
Unauthenticated Settings Modification


Overview
--------
The EZCast settings aren't protected by authentication. It's possible for an
unauthenticated user to change the network configuration or administrator's
password in particular.


Affected Products
-----------------
- EZCast Pro II


Details
-------
The EZCast uses a set of CGI files in /cgi-bin to recover informations about
the current configuration and modify it. While the user interface is
protected by a password, direct access to CGI files is not. It is therefore
possible to perform any request without being authenticated such as setting
the administrator's password for the device.

CVSSv3 Overall Score: 7.6
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L


Solution
--------
As of 08/04/2019, EZCast declared that a firmware upgrade fixing this issue is available "over-the-air". Make sure to upgrade the firmware using your prefered app from EZcast, see Support section: https://ezcast-pro.com/ezcast-pro/pro2/


Credits
-------
This vulnerability was discovered by Cédric Picard from digital.security Luxembourg and Pieterjan Denys from digital.security Belgium.


Revision History
----------------
Revision 0.1: 05/14/2019 / Initial release
Revision 1.0: 04/29/2020 / Advisory publication


Timeline
--------
2019.04.19 Vulnerability found during client audit - that client is informed
2019.05.14 Vulnerability reported to CERT-DS
2019.05.23 Vulnerability reported to EZCast
2020.04.29 Advisory publication


References
----------
https://www.ezcast.com/product/ezcast/pro/dongle2