CVE-2026-30495: n/a
The Optoma CinemaX P2 projector firmware exposes the Android Debug Bridge (ADB) service on TCP port 5555 without authentication, with disabled RSA key verification. A root-level su binary is accessible without authentication, allowing an attacker on the same network to gain full control of the device. This vulnerability enables extraction of WiFi credentials, installation of persistent malware, and full data access.
AI Analysis
Technical Summary
CVE-2026-30495 affects the Optoma CinemaX P2 projector running firmware TVOS-04.24.010.04.01 based on Android 8.0.0. The device exposes ADB over the network on port 5555 with ro.adb.secure=0, disabling RSA key verification and allowing unauthenticated connections. Additionally, a su binary at /system/xbin/su grants root privileges without authentication. An attacker on the same network can connect via ADB, escalate privileges to root, and fully compromise the device, including extracting stored WiFi credentials and installing persistent malware.
Potential Impact
An attacker with network access can gain unauthenticated root access to the device, resulting in complete compromise. This includes disclosure of sensitive information such as WiFi credentials, persistent malware installation, and full control over device data and functions. The vulnerability has a high CVSS score of 8.8, indicating severe confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device, especially blocking TCP port 5555, to prevent unauthorized ADB connections. Disable ADB over the network if possible. Monitor for unusual device behavior indicative of compromise.
CVE-2026-30495: n/a
Description
The Optoma CinemaX P2 projector firmware exposes the Android Debug Bridge (ADB) service on TCP port 5555 without authentication, with disabled RSA key verification. A root-level su binary is accessible without authentication, allowing an attacker on the same network to gain full control of the device. This vulnerability enables extraction of WiFi credentials, installation of persistent malware, and full data access.
CVSS v3.1
Score 8.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-30495 affects the Optoma CinemaX P2 projector running firmware TVOS-04.24.010.04.01 based on Android 8.0.0. The device exposes ADB over the network on port 5555 with ro.adb.secure=0, disabling RSA key verification and allowing unauthenticated connections. Additionally, a su binary at /system/xbin/su grants root privileges without authentication. An attacker on the same network can connect via ADB, escalate privileges to root, and fully compromise the device, including extracting stored WiFi credentials and installing persistent malware.
Potential Impact
An attacker with network access can gain unauthenticated root access to the device, resulting in complete compromise. This includes disclosure of sensitive information such as WiFi credentials, persistent malware installation, and full control over device data and functions. The vulnerability has a high CVSS score of 8.8, indicating severe confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device, especially blocking TCP port 5555, to prevent unauthorized ADB connections. Disable ADB over the network if possible. Monitor for unusual device behavior indicative of compromise.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd3ebfcbff5d86106d049d
Added to database: 05/08/2026, 01:39:11 UTC
Last enriched: 05/15/2026, 10:51:40 UTC
Last updated: 06/30/2026, 13:20:25 UTC
Views: 105
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.