CVE-2026-30496

Name of the Vulnerable Software and Affected Versions Optoma CinemaX P2 version TVOS-04.24.010.04.01

Description The device exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control. This API enables reading configuration across 74 endpoints and modifying settings such as volume, mute, brightness, power, display modes, and the enabling or disabling of network protocols, including TELNET. Any device on the same network can interact with these endpoints without authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.