CVE Catalog

CVE-2025-67399

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

A vulnerability in the AIRTH SMART HOME AQI MONITOR Bootloader v1.005 allows a physically proximate attacker to obtain sensitive information via the open UART port of the BK7231N controller (Wi-Fi and BLE module).

Risk Assessment

An attacker with physical access to the device can read confidential data, potentially leading to privacy breaches or further network attacks.

Recommendation

It is recommended to disable the UART port in production devices and implement authentication or encryption for communication over this interface.

Original NVD description (English source)

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

Vulnerability data from NVD (NIST) · CISA KEV · EPSS