CVE-2026-30495

Name: CVE-2026-30495
Creator: NVD / NIST
Published: 2026-05-07T14:16:01.983+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.22%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binary exists at /system/xbin/su that grants root privileges without authentication. An attacker on the same network can connect to the device via ADB, obtain a shell, and escalate to root privileges, gaining complete control of the device. This allows extraction of stored WiFi credentials, installation of persistent malware, and access to all device data.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.22%

12.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-285

References

https://whitelabel.org/security/2026-02-01-smart-projector/

Timeline

Published: May 7, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-30495?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST