Description
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
Published: 2026-05-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Optoma CinemaX P2 projector runs Android 8.0.0 and exposes Android Debug Bridge on TCP port 5555 without any authentication. The device’s configuration disables RSA key verification by setting ro.adb.secure to 0, and it contains a /system/xbin/su binary that grants root privileges with no credential check. An attacker who can reach the projector on the local network can therefore connect to ADB, spawn a shell, and immediately elevate to full root access. This gives the attacker the ability to read stored Wi‑Fi credentials, install persistent malware, and access all data on the device. The flaw correlates with CWE‑285 (Improper Authorization).

Affected Systems

Affected devices are Optoma CinemaX P2 projectors with firmware TVOS‑04.24.010.04.01 running Android 8.0.0. No other vendors or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, while the EPSS score of less than 1 % shows a low current exploitation probability. The vulnerability is trivial to exploit because it requires only local network connectivity and no authentication. The open ADB port and the presence of an unauthenticated root binary provide a direct attack vector. The flaw is not currently listed in the CISA KEV catalog, but its impact remains high due to the ease of achieving full control of the device.

Generated by OpenCVE AI on May 9, 2026 at 02:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or disable TCP port 5555 on the projector’s network interface or use the device settings to turn off ADB over the network.
  • Apply the latest Optoma firmware update that disables network‑enabled ADB or sets ro.adb.secure to 1 and removes the /system/xbin/su binary.
  • Restrict the projector’s network access by placing it in a separate VLAN or configuring firewall rules that deny other hosts on the local network from reaching TCP port 5555.

Generated by OpenCVE AI on May 9, 2026 at 02:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 02:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated ADB Access with Root Privilege Escalation in Optoma CinemaX P2 Projector

Sat, 09 May 2026 00:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated ADB Exposure and Root Access on Optoma CinemaX P2 Projector
Weaknesses CWE-284

Fri, 08 May 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Optoma
Optoma cinemax P2
Vendors & Products Optoma
Optoma cinemax P2

Thu, 07 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated ADB Exposure and Root Access on Optoma CinemaX P2 Projector
Weaknesses CWE-284

Thu, 07 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
References

Subscriptions

Optoma Cinemax P2
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T22:02:49.050Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30495

cve-icon Vulnrichment

Updated: 2026-05-08T21:53:16.051Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-07T14:16:01.983

Modified: 2026-05-08T23:16:34.750

Link: CVE-2026-30495

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T02:15:06Z

Weaknesses