PatchSiren cyber security CVE debrief
CVE-2026-5777 EGate CVE debrief
CVE-2026-5777 is a HIGH-severity vulnerability (CVSS 8.7) affecting the Atom 3x Projector, published on 2026-04-10 and last modified on 2026-05-19. The vulnerability stems from improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls (CWE-306: Missing Authentication for Critical Function). An unauthenticated attacker on the same network can exploit this flaw to obtain root-level access, resulting in complete device compromise. The vulnerability is classified as Deferred in the NVD. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. The vendor attribution remains uncertain, with low-confidence evidence suggesting a possible organization name of 'Org' derived from reference domain analysis; this requires review.
- Vendor: EGate
- Product: Atom 3X Projector
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-10
- Original CVE updated: 2026-05-19
- Advisory published: 2026-04-10
- Advisory updated: 2026-05-19
Who should care
Organizations deploying Atom 3x Projectors in conference rooms, classrooms, or public venues; network administrators managing IoT/embedded device segments; security teams responsible for Android-based embedded systems; and procurement officers evaluating projector security postures.
Technical summary
The Atom 3x Projector exposes the Android Debug Bridge (ADB) service on the local network without authentication, violating secure-by-default principles. ADB provides privileged shell access to Android systems; when exposed over TCP (typically port 5555) without access controls, any network-adjacent attacker can connect and execute commands with root privileges. This represents a critical configuration weakness in the device's network services stack.
Defensive priority
HIGH
Recommended defensive actions
- Segment Atom 3x Projector devices on isolated network VLANs with strict ingress/egress filtering to prevent unauthorized lateral access
- Disable ADB over network (TCP port 5555) on affected projectors; restrict ADB to USB debugging only if operational requirements permit
- Implement network-level access controls to block unauthorized connections to ADB service ports from non-administrative hosts
- Inventory and audit all Atom 3x Projector deployments to identify exposed ADB instances; prioritize devices on shared or guest networks
- Monitor network traffic for unauthorized ADB protocol activity targeting projector devices
- Contact device supplier or manufacturer to obtain firmware updates that disable network ADB by default or enforce authentication
- Review and update procurement policies to require secure-by-default configurations for Android-based embedded devices
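For the traffic-monitoring action above, the following added example (not part of the advisory or any vendor tooling) classifies a TCP session from the first payload in each direction, using the public ADB wire format: a device that answers a host CNXN with its own CNXN has accepted the connection without an AUTH challenge. The function names and sample payloads are constructed for illustration, and the caller is assumed to extract the payloads from its own capture tooling.

```python
import struct

# ADB message tags as little-endian uint32 (public ADB wire protocol).
ADB_COMMANDS = {
    0x4E584E43: "CNXN", 0x48545541: "AUTH", 0x534C5453: "STLS",
    0x4E45504F: "OPEN", 0x59414B4F: "OKAY", 0x45545257: "WRTE",
    0x45534C43: "CLSE",
}
# Header fields: command, arg0, arg1, data_length, data_check, magic
HEADER = struct.Struct("<6I")


def parse_adb_header(payload: bytes):
    """Return (command_name, data) if payload starts with a valid ADB message."""
    if len(payload) < HEADER.size:
        return None
    command, _a0, _a1, length, _check, magic = HEADER.unpack_from(payload)
    # magic must be the bitwise complement of command; this rejects lookalikes.
    if command not in ADB_COMMANDS or magic != command ^ 0xFFFFFFFF:
        return None
    return ADB_COMMANDS[command], payload[HEADER.size:HEADER.size + length]


def classify_session(client_first: bytes, server_first: bytes) -> str:
    """Classify a TCP session from the first payload seen in each direction."""
    client = parse_adb_header(client_first)
    if client is None or client[0] != "CNXN":
        return "not-adb"
    server = parse_adb_header(server_first)
    if server is None:
        return "adb-attempt-no-valid-reply"
    if server[0] == "CNXN":
        return "adb-unauthenticated"  # accepted with no AUTH challenge
    if server[0] == "AUTH":
        return "adb-auth-required"
    if server[0] == "STLS":
        return "adb-tls-upgrade"
    return "adb-unexpected-reply"


def _msg(tag: bytes, arg0: int, arg1: int, data: bytes = b"") -> bytes:
    """Build a constructed ADB message for the samples below."""
    cmd = int.from_bytes(tag, "little")
    return HEADER.pack(cmd, arg0, arg1, len(data), sum(data), cmd ^ 0xFFFFFFFF) + data


# Constructed sample payloads (not captured from a real device).
HOST_CNXN = _msg(b"CNXN", 0x01000000, 4096, b"host::\x00")
DEVICE_CNXN = _msg(b"CNXN", 0x01000000, 4096, b"device::constructed\x00")
DEVICE_AUTH = _msg(b"AUTH", 1, 0, bytes(20))  # type 1 = token challenge
```

Sessions classified as `adb-unauthenticated` toward a projector address are the ones to alert on; `adb-auth-required` indicates the device challenged the client before granting access.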
Evidence notes
Primary source is CERT-In advisory CIVN-2026-0179. CVSS 4.0 vector confirms attack vector as adjacent network (AV:A) with no privileges required (PR:N) and high impact to confidentiality, integrity, and availability (VC:H/VI:H/VA:H). Vendor identification is provisional based on reference domain candidate 'Org' with low confidence; canonical source marked as weak.
Official resources
- CVE-2026-5777 CVE record (CVE.org)
- CVE-2026-5777 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: 2026-04-10