CVE-2026-30613
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
An information disclosure vulnerability in AZIOT 1 Node Smart Switch (16A) with firmware version 1.1.9 is caused by improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.
Risk Assessment
The risk involves potential theft of confidential data such as network configuration, passwords, or cryptographic keys by someone with physical access to the device, which could lead to further attacks on the infrastructure.
Recommendation
It is recommended to immediately block access to the UART interface on production devices by physically securing the enclosure and implementing authentication on the serial console. Also consider updating the firmware after the vendor releases a patch.
Original NVD description (English source)
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.

