TOZED ZLT M30s CVE-2025-15083
Severity by source: LOW
CVSS vector (NVD): CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
A UART interface debug and test access control bypass in TOZED ZLT M30s firmware versions up to 1.47 allows physical attackers to access on-chip debug interfaces with improper authentication, leading to information disclosure and potential system manipulation. Exploitation requires direct physical device access and is difficult to execute, but publicly available exploit code exists and the vendor has not responded to disclosure. With an EPSS score of 0.03% and a CVSS score of 0.3, real-world risk is minimal despite public PoC availability.
Technical Context (AI)
The TOZED ZLT M30s is a network device (likely a cellular gateway or router) that exposes an undocumented or inadequately protected UART interface for on-chip debugging and manufacturing test modes. UART (Universal Asynchronous Receiver-Transmitter) interfaces are common hardware debug ports on embedded systems, typically used by manufacturers for factory testing and firmware flashing. The vulnerability is classified as CWE-1191 (On-Chip Debug and Test Interface With Improper Access Control), indicating that debug functionality intended only for authorized personnel is accessible without proper authentication or encryption. The weakness affects all ZLT M30s firmware versions up to and including version 1.47. Physical access to exposed UART pins or test pads on the circuit board is required to exploit this weakness.
Remediation (AI)
Upgrade to firmware version 1.48 or later once released by the vendor to restore proper access control on the UART debug interface. Given the vendor's non-response to early disclosure, check the TOZED support website or contact sales directly for patched firmware availability and release timeline. As an interim compensating control, physically secure the device to restrict unauthorized physical access: place it in a locked cabinet or restricted-access server room with entry logging. Alternatively, disable or physically isolate the UART interface if the device firmware supports disabling debug modes through configuration menus or if the device can be sealed (e.g., potting or tamper-evident labels) to detect unauthorized access attempts. If the device is deployed in an open or semi-public environment (shared office, field location), relocate it to a controlled facility or implement surveillance monitoring. Note that these controls do not eliminate the vulnerability but reduce the probability of exploitation by raising the attacker's operational difficulty.