CVE Catalog

CVE-2026-30613

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

An information disclosure vulnerability in AZIOT 1 Node Smart Switch (16A) with firmware version 1.1.9 is caused by improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.

Risk Assessment

The risk involves potential theft of confidential data such as network configuration, passwords, or cryptographic keys by someone with physical access to the device, which could lead to further attacks on the infrastructure.

Recommendation

It is recommended to immediately block access to the UART interface on production devices by physically securing the enclosure and implementing authentication on the serial console. Also consider updating the firmware after the vendor releases a patch.

Original NVD description (English source)

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS