CVE-2026-30496
Published 2026-05-07
Priority: P272 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% (24.3th percentile)
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute, brightness, power, network protocols enable/disable (including TELNET), display modes, and other projector functions. Any device on the same network can control the projector without authentication.
VulDB
Optoma CinemaX P2 Projector 04.24.010.04.01 access control
vuldb·2026-05-07
CVE-2026-30496 [CRITICAL] Optoma CinemaX P2 Projector 04.24.010.04.01 access control
A vulnerability has been found in Optoma CinemaX P2 Projector 04.24.010.04.01 and classified as critical. Impacted is an unknown function. This manipulation causes improper access controls.
This vulnerability is handled as CVE-2026-30496. The attack can only be done within the local network. There is not any exploit available.
GHSA
GHSA-mm28-jjfm-w9mv: The Optoma CinemaX P2 projector (firmware TVOS-04
ghsa_unreviewed·2026-05-07
CVE-2026-30496 [CRITICAL] CWE-285 GHSA-mm28-jjfm-w9mv: The Optoma CinemaX P2 projector (firmware TVOS-04
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute, brightness, power, network protocols enable/disable (including TELNET), display modes, and other projector functions. Any device on the same network can control the projector without authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-07