CVE-2026-30282

{"id": "CVE-2026-30282", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2026-03-31T18:16:47.123", "references": [{"url": "http://cast.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://appcraze.co/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/27", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://secsys.fudan.edu.cn/", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure."}], "lastModified": "2026-04-07T21:00:07.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uxgroupllc:cast_to_tv:2.2.77:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "0B54F1E3-085D-43C2-BD42-4F3AE84C374A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}