External risk intelligence

Cast to TV Arbitrary File Overwrite Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.0)

CVE-2026-30282

This vulnerability exists in an Android mobile application used for screen mirroring. Such applications are client-side software intended for local network use and require user interaction to import files, making public-internet-facing exposure via this vector extremely unlikely in standard deployment scenarios.

Path Traversal

Uxgroupllc Cast To Tv

2.2.77

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

An arbitrary file overwrite vulnerability in the Cast to TV Screen Mirroring application, specifically version 2.2.77, allows for overwriting critical internal files through the file import process. This could potentially lead to the execution of arbitrary code or exposure of sensitive information. The main concern is confirming relevance and exposure, as this vulnerability exists in a client-side Android application requiring user interaction for file import, making public internet-facing exposure highly unlikely in typical use cases.

  • Allows file overwrite and code execution.
  • Confirm if this app is used internally.
  • Assess application usage and potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by tricking a user into importing a specially crafted file into the Cast to TV Screen Mirroring application. This could lead to the overwriting of important system files, potentially allowing for code execution or the exposure of sensitive information.

  • Requires authenticated user interaction.
  • Triggered by importing a malicious file.
  • Risk of code execution or data exposure.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to overwrite critical internal files when a user imports a file through the Cast to TV Screen Mirroring application. This could lead to the execution of arbitrary code or exposure of sensitive information.

  • Critical internal files could be affected.
  • An attacker could exploit this via file import.
  • Arbitrary code execution or data exposure may occur.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Cast to TV Screen Mirroring may require action from application owners responsible for managing the Android app, as well as security teams to assess exposure and coordinate remediation. The first practical step is to identify all instances of the affected app, confirm if they are accessible externally or used for critical functions, and then prioritize remediation efforts based on identified risk.

  • Application owners should manage the issue.
  • Verify app accessibility and critical use.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Cast to TV Screen Mirroring application?

Cast to TV Screen Mirroring is an Android mobile application developed by UXGROUP LLC. It is designed for wireless display functionality, allowing users to project content from their mobile devices to television screens, typically within a local network environment.

What does CVE-2026-30282 mean for the software?

This CVE describes an arbitrary file overwrite vulnerability, categorized under Improper Limitation of a Pathname (CWE-22) and External Control of File Name or Path (CWE-73). Essentially, the software fails to properly sanitize file names during an import process, which can allow an attacker to overwrite sensitive internal files, potentially leading to unauthorized code execution or data theft.

How can an attacker trigger this vulnerability?

An attacker must trick a user into importing a specially crafted file through the application's interface. This requires specific user interaction; simply having the app installed or running on a device does not trigger the vulnerability without this manual file import step.

Is this vulnerability likely to be reachable from the internet?

According to Halo Surface Signal, this is very unlikely. As a client-side Android application intended for local network screen mirroring, it does not typically expose services directly to the public internet, making remote exploitation via this vector difficult in standard deployment scenarios.

What should I do if I use Cast to TV Screen Mirroring?

First, identify all devices or systems where version 2.2.77 of this application is installed. Verify how the app is being used and whether it processes files from untrusted sources. Security teams should assess the necessity of the application and prioritize updates or removal based on the sensitivity of the data handled by the device.

References