CVE-2025-67399
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
A vulnerability in the AIRTH SMART HOME AQI MONITOR Bootloader v1.005 allows a physically proximate attacker to obtain sensitive information via the open UART port of the BK7231N controller (Wi-Fi and BLE module).
Risk Assessment
An attacker with physical access to the device can read confidential data, potentially leading to privacy breaches or further network attacks.
Recommendation
It is recommended to disable the UART port in production devices and implement authentication or encryption for communication over this interface.
Original NVD description (English source)
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

