PT-2026-38434 · Optoma · Cinemax P2

Stef +1 · Published 2026-05-07 · Updated 2026-05-08 · CVE-2026-30495

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Optoma CinemaX P2 version TVOS-04.24.010.04.01

Description

The device exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without authentication. The system property ro.adb.secure is set to 0, which disables RSA key verification. Furthermore, a functional su binary located at /system/xbin/su grants root privileges without authentication. An attacker on the same network can connect via ADB to obtain a shell and escalate to root privileges, allowing for the extraction of stored WiFi credentials, installation of persistent malware, and full access to device data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
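For owners auditing a device against the three conditions in the description, the following added example (not part of the original advisory or any vendor tooling) checks a captured `getprop` dump and a file listing. The sample inputs are constructed, and the property names service.adb.tcp.port and persist.adb.tcp.port are assumptions about where the TCP listener is configured; the advisory names only ro.adb.secure, port 5555 and /system/xbin/su.

```python
import re

# Constructed sample: `getprop` output and a file listing as they might be
# captured from a device under audit (not taken from the advisory).
SAMPLE_GETPROP = """\
[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[ro.debuggable]: [1]
"""
SAMPLE_LS = "/system/xbin/su\n/system/xbin/busybox\n"

# getprop prints one property per line as `[key]: [value]`.
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")


def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def audit(getprop_text, file_listing):
    """Return finding strings for the conditions the advisory describes."""
    props = parse_getprop(getprop_text)
    findings = []
    # Assumption: a missing ro.adb.secure is reported like 0 (audit fails closed).
    if props.get("ro.adb.secure", "0") != "1":
        findings.append("adb-auth-disabled")
    # Assumption: a positive port in either property means adbd listens on TCP.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            findings.append(f"adb-tcp-listener:{port}")
            break
    # The su path is the one named in the advisory.
    paths = {p.strip() for p in file_listing.splitlines()}
    if "/system/xbin/su" in paths:
        findings.append("su-binary:/system/xbin/su")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GETPROP, SAMPLE_LS):
        print("FINDING", finding)
```

An empty result means none of the three conditions was seen in the captured data; it does not confirm that the firmware is fixed.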

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2026-30495

Affected Products

Cinemax P2