CVE-2026-30495 - Vulnerability Details

Description

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.

Published: 2026-05-07

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Optoma CinemaX P2 projector runs Android 8.0.0 and exposes ADB on TCP port 5555 without authentication. The device has ro.adb.secure set to 0, disabling RSA key verification, and a su binary in /system/xbin/su that grants root privileges with no authentication. An attacker on the same local network can connect via ADB, obtain a shell, and immediately elevate to root. This provides complete control of the device, allowing the attacker to steal stored Wi‑Fi credentials, install persistent malware, and access all data stored on the projector. This weakness corresponds to CWE‑284 (Improper Access Control).

Affected Systems

Affected devices are Optoma CinemaX P2 projectors with firmware TVOS‑04.24.010.04.01 running Android 8.0.0. No other vendors or versions are listed in the CNA data, so only this specific configuration is known to be vulnerable.

Risk and Exploitability

The CVSS or EPSS scores are not available, but the vulnerability is trivial to exploit because it requires only local network access and no authentication. The device’s network exposure of ADB makes the attack vector obvious, and the presence of a root binary eliminates privilege checks. Although the vulnerability is not currently listed in the CISA KEV catalog, its impact is high due to the ease of exploitation and full root access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Optoma

Cinemax P2

100%

Version	Status	Scheme	Platform
`TVOS-04.24.010.04.01`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Block or disable port 5555 on the projector’s network interface or remove ADB over the network from the device settings.
Apply the latest vendor firmware update that disables ADB or sets ro.adb.secure to 1 and removes the root binary.
Restrict network access to the projector by placing it in a separate VLAN or implementing firewall rules that prevent other hosts on the local network from reaching TCP port 5555.

Generated by OpenCVE AI on May 7, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://whitelabel.org/security/2026-02-01-smart-projector/

History

Thu, 07 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Optoma Optoma cinemax P2
Vendors & Products		Optoma Optoma cinemax P2

Thu, 07 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Title		Unauthenticated ADB Exposure and Root Access on Optoma CinemaX P2 Projector
Weaknesses		CWE-284

Thu, 07 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
References		https://whitelabel.org/security/2026-02-01-smart-projector/

Subscriptions

Optoma Cinemax P2

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-07T00:00:00.000Z

Updated: 2026-05-07T13:17:16.814Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30495

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-07T14:16:01.983

Modified: 2026-05-07T15:15:06.770

Link: CVE-2026-30495

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T21:25:22Z

Weaknesses

CWE-284

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object