CVE-2026-30495
Awaiting Analysis Awaiting Analysis - Queue
ADB Remote Root Access in Optoma CinemaX P2 Projector

Publication date: 2026-05-07

Last updated on: 2026-05-08

Assigner: MITRE

Description
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-08
Generated
2026-06-17
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30495
EUVD
EUVD-2026-28366
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
optoma cinemax_p2 *
optoma cinemax_p1 *
optoma cinemax_pro *
google android 8.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30495 is a critical security vulnerability found in Optoma CinemaX projectors, including models P2, P1, and Pro. The issue arises because the Android Debug Bridge (ADB) service is exposed on TCP port 5555 over the network without requiring any authentication.

The device is configured with ro.adb.secure=0, which disables RSA key verification, allowing anyone on the same network to connect via ADB. Additionally, a functional su binary exists on the device that grants root privileges without authentication.

This means an attacker on the same network can gain shell access and escalate to root, effectively taking full control of the device.

Impact Analysis

This vulnerability allows an attacker on the same network to gain unauthenticated root access to the affected projector.

  • Extraction of stored Wi-Fi credentials in cleartext.
  • Installation of persistent malware on the device.
  • Full access to all data stored on the device.

Because the attacker gains root privileges, they can fully control the device, potentially using it as a foothold to attack other devices on the network.

Detection Guidance

This vulnerability can be detected by checking if the Optoma CinemaX projector is exposing the Android Debug Bridge (ADB) service on TCP port 5555 without requiring authentication.

A common method is to scan your network for devices with port 5555 open and test if ADB connections can be established without authentication.

  • Use a network scanning tool like nmap to detect open port 5555: nmap -p 5555 <target-ip>
  • Attempt to connect to the device via ADB: adb connect <target-ip>:5555
  • If the connection succeeds without requiring authentication, the device is vulnerable.
Mitigation Strategies

Immediate mitigation steps include disconnecting the vulnerable Optoma CinemaX projector from the network to prevent unauthorized access.

If possible, manually apply any available patches or firmware updates, although the latest firmware only partially addresses the issue.

Isolate the device on a separate network segment to limit exposure to attackers on the same network.

Compliance Impact

This vulnerability allows unauthenticated remote root access to the Optoma CinemaX projectors, enabling attackers to extract sensitive data such as stored Wi-Fi credentials and gain full control of the device.

Such unauthorized access and potential data exposure can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure device management to prevent unauthorized access.

Because the vulnerability exposes sensitive information and allows persistent malware installation, organizations using these devices may face risks related to data breaches, which are subject to regulatory reporting and penalties under these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart