External risk intelligence

Attacker can remotely control Optoma projectors to change settings or disable network features.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-30496

An internal attacker on the local network can gain full remote control over the Optoma CinemaX P2 projector due to missing security checks. This could allow unauthorized changes to projector settings and enable further access into your network, potentially disrupting business operations.

2Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-30496

The Optoma CinemaX P2 is an audiovisual device intended for deployment within internal home or office networks. The vulnerable HTTP API requires local network access and is not designed for public exposure. While potentially reachable if misconfigured, standard deployments place these devices behind internal network controls rather than on the public-facing edge.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

An unauthenticated HTTP API on the Optoma CinemaX P2 projector allows anyone on the same network to remotely control its functions. This includes changing settings like volume, brightness, power, and even enabling potentially risky network protocols. Because it's so accessible, this could be a significant security concern for devices connected to your network.

  • Unauthenticated network control.
  • Allows modification of sensitive settings.
  • Impacts devices on the local network.

Attack Path

How an attacker could exploit the issue

An attacker on the same local network can exploit this vulnerability to fully control the Optoma CinemaX P2 projector without any authentication. They can manipulate settings like volume, brightness, and power, and crucially, enable potentially dangerous network protocols such as TELNET. This allows for further compromise of the device or network.

  • Attacker must be on same network.
  • Vulnerable HTTP API on TCP port 2345.
  • Unauthenticated remote control possible.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability is unlikely to be weaponized by opportunistic attackers. While the API allows unauthenticated remote control over a local network, it does not directly expose systems to the public internet. Exploitation would require an attacker to first gain a foothold on the same local network as the projector.

  • Not publicly exploited.
  • No KEV signal.
  • No recent exploitation signals.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize isolating or taking offline affected Optoma CinemaX P2 projectors. The unauthenticated HTTP API on TCP port 2345 allows complete remote control, posing a critical risk. Focus immediate efforts on identifying all such devices on your network.

  • Block network access to port 2345.
  • Update projector firmware to a secure version.
  • Monitor for unauthorized network activity.

Frequently asked questions

What is the Optoma CinemaX P2 projector and what are its capabilities?

The Optoma CinemaX P2 is a projector that operates on firmware TVOS-04.24.010.04.01 and Android 8.0.0. It is designed for displaying visual content and offers extensive control over various functions, including volume, brightness, power, and network protocol settings.

What is CVE-2026-30496 and what type of weakness does it represent?

CVE-2026-30496 is a critical vulnerability affecting the Optoma CinemaX P2 projector. It is characterized by an improper access control weakness (CWE-285), which permits unauthenticated remote manipulation of the device.

How can an attacker exploit the CVE-2026-30496 vulnerability?

An attacker positioned on the same local network as the Optoma CinemaX P2 projector can exploit this vulnerability by leveraging an unauthenticated HTTP API. This API, accessible on TCP port 2345, allows for complete remote control of the projector's settings and functions without requiring any credentials.

How relevant is CVE-2026-30496 given current threat landscapes?

While the vulnerability allows for unauthenticated remote control over a local network, its relevance is considered unlikely for widespread opportunistic attacks. Exploitation typically requires an attacker to first gain access to the internal network where the projector is located, rather than being directly exposed to the public internet.

What steps should be taken to address the Optoma CinemaX P2 vulnerability?

To mitigate the risk associated with CVE-2026-30496, it is recommended to isolate affected Optoma CinemaX P2 projectors from the network or take them offline if possible. Blocking network access to TCP port 2345 is a crucial step. Additionally, monitoring for unauthorized network activity and seeking secure firmware updates when available are advised.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified