Stef

**Name of the Vulnerable Software and Affected Versions** Optoma CinemaX P2 version TVOS-04.24.010.04.01 **Description** The device exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without authentication. It is configured with the variable `ro.adb.secure` set to 0, which disables RSA key verification. Furthermore, a functional `su` binary located at `/system/xbin/su` grants root privileges without authentication. An attacker on the same network can connect via ADB to obtain a shell and escalate to root privileges, allowing for the extraction of stored WiFi credentials, installation of persistent malware, and full access to device data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.