Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-30496: Optoma CinemaX P2 Projector Exposes Remote Control API on Network
CVE-2026-30496
Summary
The Optoma CinemaX P2 projector has a remote control system that can be accessed by any device on the same network without a password. This means that anyone with a device connected to the same network can control the projector's settings, such as the volume and brightness, without being authorized. It is recommended to update the projector's firmware to a version that fixes this issue.
Original title
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports b...
Original description
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute, brightness, power, network protocols enable/disable (including TELNET), display modes, and other projector functions. Any device on the same network can control the projector without authentication.
Vulnerability type
CWE-285
Improper Authorization
Published: 7 May 2026 · Updated: 2 Jun 2026 · First seen: 7 May 2026