Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-30496 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-30496 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-30496 is an unauthenticated remote control vulnerability in the HTTP API exposed by the Optoma CinemaX P2 projector running firmware TVOS-04.24.010.04.01 on Android 8.0.0, accessible over TCP port 2345 without any authentication requirement.

Technical Detail

The Optoma CinemaX P2 exposes an HTTP API on TCP port 2345 that performs no authentication checks before processing incoming requests, allowing any network-adjacent or remote attacker with access to that port to issue control commands to the device. The flaw is an authentication bypass that grants full device control, meaning an attacker can manipulate projector functions, potentially abuse the underlying Android 8.0.0 operating system, and use the device as a foothold within the network segment it occupies. Given the Android runtime environment, exploitation could extend to arbitrary command execution depending on the API surface exposed, with a CVSS score of 9.8 reflecting the low attack complexity and absence of required privileges or user interaction.

Exploitation Status

No known exploit code has been publicly documented at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, though the vulnerability class is straightforward and the attack surface requires no special tooling beyond standard HTTP request capabilities.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence.

What To Do

Organizations using the Optoma CinemaX P2 projector should immediately assess network exposure of TCP port 2345 and restrict access using firewall rules or network segmentation to prevent unauthorized access from untrusted hosts. If a firmware update addressing this vulnerability is available from Optoma, it should be applied as a priority given the critical severity rating. As an interim workaround, these devices should be isolated to a dedicated IoT or AV network segment with no direct internet exposure and limited lateral access to corporate infrastructure. Detection can be achieved by monitoring for unexpected HTTP traffic to TCP port 2345 originating from hosts outside of authorized management systems.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →