CVE-2025-13955 PUBLISHED

Predictable Default Wi-Fi Password in EZCast Pro II Dongle

Assigner: NCSC.ch
Reserved: 03.12.2025 Published: 10.12.2025 Updated: 10.12.2025

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/AU:Y/RE:L
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	EZCast
Product	EZCast Pro II
Versions	Default: affected Version 1.17478.146 is affected

Workarounds

Until a firmware patch is made available by the vendor, all users are advised to change the default password in the management UI.

Credits

Swiss National Test Institute for Cybersecurity NTC finder
Swiss National Cybersecurity Centre coordinator

References

https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/cvd-cases/cvd-case-1-test.html

Problem Types

CWE-330 Use of Insufficiently Random Values CWE

Impacts

CAPEC-115 Authentication Bypass