Skip to main content

Google EUVDEUVD-2026-21368

| CVE-2026-5777 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-04-10 CERT-In GHSA-3jqw-2342-vgxw
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 10, 2026 - 12:15 euvd
EUVD-2026-21368
Analysis Generated
Apr 10, 2026 - 12:15 vuln.today
CVE Published
Apr 10, 2026 - 11:40 nvd
HIGH 8.7

DescriptionCVE.org

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.

AnalysisAI

Unauthenticated root access in Egate Atom 3x Projector enables complete device compromise via exposed Android Debug Bridge service on local network. Attacker on same network segment can execute arbitrary commands with full system privileges without credentials due to missing authentication controls and network exposure of ADB service. No public exploit identified at time of analysis. Critical impact includes data exfiltration, malware installation, and persistent backdoor deployment.

Technical ContextAI

Projector firmware exposes ADB daemon on network interface without authentication wrapper (CWE-306). CVSS:4.0 AV:A indicates adjacent network requirement; PR:N confirms zero authentication. Root shell access bypasses all Android permission boundaries, enabling direct filesystem manipulation and system configuration changes.

RemediationAI

No vendor-released patch identified at time of analysis per CERT-In advisory. Immediate mitigations: disable ADB service in projector system settings if available; isolate device on dedicated VLAN with strict access control lists permitting only authorized management hosts; deploy network-based authentication gateway for ADB traffic; monitor ADB port 5555/TCP for unauthorized connection attempts. Long-term: contact Egate support for firmware update timeline. Advisory reference: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0179. If patch remains unavailable after 90 days, consider device replacement for high-security environments.

Share

EUVD-2026-21368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy