CVE-2026-30282
Summary
| CVE | CVE-2026-30282 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-31 18:16:47 UTC |
| Updated | 2026-04-01 14:24:02 UTC |
| Description | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure. |
Risk And Classification
Primary CVSS: v3.1 9 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.000340000 probability, percentile 0.099600000 (date 2026-04-02)
Problem Types: CWE-22 | CWE-73 | n/a | CWE-73 CWE-73 External Control of File Name or Path | CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| appcraze.co | [email protected] | appcraze.co | |
| secsys.fudan.edu.cn | [email protected] | secsys.fudan.edu.cn | |
| github.com/Secsys-FDU/AF_CVEs/issues/27 | [email protected] | github.com | |
| cast.com | [email protected] | cast.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.