Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.
AnalysisAI
Unauthenticated root access in Egate Atom 3x Projector enables complete device compromise via exposed Android Debug Bridge service on local network. Attacker on same network segment can execute arbitrary commands with full system privileges without credentials due to missing authentication controls and network exposure of ADB service. No public exploit identified at time of analysis. Critical impact includes data exfiltration, malware installation, and persistent backdoor deployment.
Technical ContextAI
Projector firmware exposes ADB daemon on network interface without authentication wrapper (CWE-306). CVSS:4.0 AV:A indicates adjacent network requirement; PR:N confirms zero authentication. Root shell access bypasses all Android permission boundaries, enabling direct filesystem manipulation and system configuration changes.
RemediationAI
No vendor-released patch identified at time of analysis per CERT-In advisory. Immediate mitigations: disable ADB service in projector system settings if available; isolate device on dedicated VLAN with strict access control lists permitting only authorized management hosts; deploy network-based authentication gateway for ADB traffic; monitor ADB port 5555/TCP for unauthorized connection attempts. Long-term: contact Egate support for firmware update timeline. Advisory reference: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0179. If patch remains unavailable after 90 days, consider device replacement for high-security environments.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21368
GHSA-3jqw-2342-vgxw