CVE-2026-30495
Description
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = TVOS-04.24.010.04.01
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.