AZIOT 1 Node Smart Switch Information Disclosure Vulnerability via UART Debug Interface
Vulnerability
A vulnerability allowing information disclosure exists in the AZIOT 1 Node Smart Switch (16amp) with WiFi and Bluetooth capability, running software version 1.1.9. The issue arises from improper access control on the UART debug interface, which allows an attacker with physical access to connect to the UART interface and retrieve sensitive information from the serial console without authentication.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as WiFi credentials and encryption keys, through the UART interface.
Reproduction
The vulnerability can be reproduced by physically accessing the device and connecting to the UART interface. Once connected, the UART output can be monitored using a terminal program. The device's firmware can be dumped and analyzed with available tools, such as 'bk7231tools', which can extract sensitive data from the firmware, including keys and unencrypted logs.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.