Skip to main content

AZIOT CVE-2026-30613

| EUVDEUVD-2026-19404 MEDIUM
Information Exposure (CWE-200)
2026-04-06 cve@mitre.org GHSA-gmxc-m4rh-7pmv
4.6
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 18:22 euvd
EUVD-2026-19404
Analysis Generated
Apr 06, 2026 - 18:22 vuln.today
CVE Published
Apr 06, 2026 - 18:16 nvd
MEDIUM 4.6

DescriptionCVE.org

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.

AnalysisAI

AZIOT 1 Node Smart Switch (16amp) WiFi/Bluetooth Enabled firmware version 1.1.9 allows information disclosure through unauthenticated UART debug interface access. An attacker with physical access to the device can connect to the serial console and extract sensitive information without any authentication barrier. This vulnerability has an EPSS score of 0.03% (9th percentile), indicating very low real-world exploitation probability despite the high confidentiality impact rating.

Technical ContextAI

The vulnerability stems from CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), specifically improper access control on the UART (Universal Asynchronous Receiver-Transmitter) debug interface. UART interfaces are physical serial communication channels commonly left enabled during development and manufacturing for debugging purposes. The AZIOT smart switch firmware fails to disable or protect this interface in production, allowing any actor with physical device access to interact with the debug console directly. The affected product is AZIOT 1 Node Smart Switch (16amp) with WiFi and Bluetooth connectivity running software version 1.1.9, as identified via CPE associations with IoT smart home automation devices.

RemediationAI

Update AZIOT 1 Node Smart Switch firmware to a version newer than 1.1.9 (specific patch version not identified in available advisory data). Users should contact AZIOT customer support via http://aziot.com for firmware update availability and instructions. As an interim workaround for devices in sensitive environments, physically restrict access to the UART interface through enclosure or tamper-evident sealing, and monitor device placement to prevent unauthorized physical contact. No vendor-released patch version is independently confirmed in the provided references, so users should verify update availability directly from AZIOT before deployment.

Share

CVE-2026-30613 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy