CVE-2026-30495
ADB Remote Root Access in Optoma CinemaX P2 Projector
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| optoma | cinemax_p2 | * |
| optoma | cinemax_p1 | * |
| optoma | cinemax_pro | * |
| | android | 8.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30495 is a critical security vulnerability found in Optoma CinemaX projectors, including models P2, P1, and Pro. The issue arises because the Android Debug Bridge (ADB) service is exposed on TCP port 5555 over the network without requiring any authentication.
The device is configured with `ro.adb.secure=0`, which disables RSA key verification, allowing anyone on the same network to connect via ADB. Additionally, a functional `su` binary exists on the device that grants root privileges without authentication.
This means an attacker on the same network can gain shell access and escalate to root, effectively taking full control of the device.
How can this vulnerability impact me?
This vulnerability allows an attacker on the same network to gain unauthenticated root access to the affected projector. The consequences include:
- Extraction of stored Wi-Fi credentials in cleartext.
- Installation of persistent malware on the device.
- Full access to all data stored on the device.
Because the attacker gains root privileges, they can fully control the device, potentially using it as a foothold to attack other devices on the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Optoma CinemaX projector is exposing the Android Debug Bridge (ADB) service on TCP port 5555 without requiring authentication.
A common method is to scan your network for devices with port 5555 open and test if ADB connections can be established without authentication.
- Use a network scanning tool like nmap to detect open port 5555: `nmap -p 5555 <target-ip>`
- Attempt to connect to the device via ADB: `adb connect <target-ip>:5555`
- If the connection succeeds without requiring authentication, the device is vulnerable.
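The same check can be scripted for an inventory audit of devices you administer. The following is an added example, not part of the original page or any vendor tooling: it sends the ADB `CNXN` handshake and classifies the first reply, using the publicly documented ADB wire format; the function names, result labels and sample packets are assumptions made for illustration.

```python
import socket
import struct

# ADB wire constants: command words are four ASCII letters read little-endian.
A_CNXN = 0x4E584E43  # "CNXN"
A_AUTH = 0x48545541  # "AUTH"
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_len, data_sum, magic


def build_cnxn(banner: bytes = b"host::\x00") -> bytes:
    """Build the CNXN packet a host sends to open an ADB session."""
    checksum = sum(banner) & 0xFFFFFFFF  # ADB's checksum field is a plain byte sum
    return HEADER.pack(A_CNXN, 0x01000000, 4096, len(banner),
                       checksum, A_CNXN ^ 0xFFFFFFFF) + banner


def classify_reply(reply: bytes) -> str:
    """Classify the first packet a device sends back after CNXN."""
    if len(reply) < HEADER.size:
        return "not-adb"
    command, _, _, _, _, magic = HEADER.unpack_from(reply)
    if magic != command ^ 0xFFFFFFFF:  # every ADB header carries command XOR 0xFFFFFFFF
        return "not-adb"
    if command == A_CNXN:
        return "unauthenticated"  # session opened with no key challenge
    if command == A_AUTH:
        return "auth-required"    # device issued an RSA token challenge
    return "other"


def audit_host(host: str, port: int = 5555, timeout: float = 3.0) -> str:
    """Send one CNXN to a device you administer and classify its reply."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_cnxn())
            while len(buf) < HEADER.size:
                chunk = sock.recv(HEADER.size - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:
        return "no-reply"  # refused, filtered or timed out
    return classify_reply(buf)


# Constructed sample replies for offline use (not captured from a real device).
SAMPLE_OPEN = HEADER.pack(A_CNXN, 0x01000000, 4096, 0, 0, A_CNXN ^ 0xFFFFFFFF)
SAMPLE_AUTH = HEADER.pack(A_AUTH, 1, 0, 20, 0, A_AUTH ^ 0xFFFFFFFF)
```

The reply type is what separates the `ro.adb.secure=0` case described above from a device that has port 5555 open but still enforces key authentication.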
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disconnecting the vulnerable Optoma CinemaX projector from the network to prevent unauthorized access.
If possible, manually apply any available patches or firmware updates, although the latest firmware only partially addresses the issue.
Isolate the device on a separate network segment to limit exposure to attackers on the same network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated remote root access to the Optoma CinemaX projectors, enabling attackers to extract sensitive data such as stored Wi-Fi credentials and gain full control of the device.
Such unauthorized access and potential data exposure can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure device management to prevent unauthorized access.
Because the vulnerability exposes sensitive information and allows persistent malware installation, organizations using these devices may face risks related to data breaches, which are subject to regulatory reporting and penalties under these standards.