CVE-2026-30495 · HIGH 8.8 · EPSS p11.9%

Description

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.22% probability of exploitation · percentile 11.9% · 2026-06-19T12:03:05Z
Published: 2026-05-07
Last modified: 2026-05-08

Underlying weaknesses · 1

CWE-285

References

  1. https://whitelabel.org/security/2026-02-01-smart-projector/

Type | Target | Confidence | Tier
Weakness | Improper Authorization (cwe-285) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-30496
CVE: CVE-2026-0073
CVE: CVE-2026-8598
CVE: CVE-2025-52690
CVE: CVE-2025-52688
CVE: CVE-2025-65294

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.