The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
| Link | Providers |
|---|---|
| https://whitelabel.org/security/2026-02-01-smart-projector/ |
|
History
Thu, 07 May 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-07T13:17:16.814Z
Reserved: 2026-03-04T00:00:00.000Z
Link: CVE-2026-30495
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-07T14:16:01.983
Modified: 2026-05-07T14:16:01.983
Link: CVE-2026-30495
Redhat
No data.
OpenCVE Enrichment
No data.