Description

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.

INFO

Published Date :

2026-05-07T00:00:00.000Z

Last Modified :

2026-05-07T13:17:16.814Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30495 vulnerability.

Vendors Products
Optoma
  • Cinemax P2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30495.

URL Resource
https://whitelabel.org/security/2026-02-01-smart-projector/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System