Stefan

**Name of the Vulnerable Software and Affected Versions** Optoma CinemaX P2 version TVOS-04.24.010.04.01 **Description** The device exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without authentication. It is configured with the variable `ro.adb.secure` set to 0, which disables RSA key verification. Furthermore, a functional `su` binary located at `/system/xbin/su` grants root privileges without authentication. An attacker on the same network can connect via ADB to obtain a shell and escalate to root privileges, allowing for the extraction of stored WiFi credentials, installation of persistent malware, and full access to device data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Optoma CinemaX P2 version TVOS-04.24.010.04.01 **Description** The device exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control. This API enables reading configuration across 74 endpoints and modifying settings such as volume, mute, brightness, power, display modes, and the enabling or disabling of network protocols, including TELNET. Any device on the same network can interact with these endpoints without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.