Description
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.
Published: 2026-04-06
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability resides in the UART debug interface of the AZIOT 1 Node Smart Switch (16amp) running software version 1.1.9. Improper access control allows anyone with physical access to connect directly to the UART port and capture data from the serial console, exposing sensitive information. This weakness corresponds to a classic data‑exposure flaw (CWE‑200).

Affected Systems

AZIOT 1 Node Smart Switch (16amp) WiFi/Bluetooth Enabled, firmware 1.1.9.

Risk and Exploitability

The CVSS score of 4.6 indicates a moderate security risk, but the EPSS score of less than 1% and absence from the KEV catalog suggest low exploitation probability. The flaw is exploitable only when an attacker can physically reach the UART port, meaning the threat surface is limited to environments where physical access is possible. No remote exploitation path is described, and no additional authentication bypass is required beyond the physical connection to the debug interface.

Generated by OpenCVE AI on April 8, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to the latest AZIOT release that disables or secures the UART debug interface.
  • If an update is not yet available, physically remove or block the UART debug port and cover or secure the port area.
  • Enforce strict physical access controls for the switch, limiting access to authorized personnel only.

Generated by OpenCVE AI on April 8, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Information Disclosure via UART Debug Interface in AZIOT 1 Node Smart Switch

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Information Disclosure via UART Interface in AZIOT 1 Node Smart Switch
Weaknesses CWE-284

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Aziot
Aziot node Smart Switch
Vendors & Products Aziot
Aziot node Smart Switch

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Information Disclosure via UART Interface in AZIOT 1 Node Smart Switch
Weaknesses CWE-200
CWE-284

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from the serial console without authentication.
References

Subscriptions

Aziot Node Smart Switch
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-07T13:50:57.669Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30613

cve-icon Vulnrichment

Updated: 2026-04-07T13:50:42.371Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T18:16:41.440

Modified: 2026-04-07T15:17:38.420

Link: CVE-2026-30613

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:29:07Z

Weaknesses