CVE-2025-15083
Improper Access Control in TOZED ZLT M30s UART Interface
Publication date: 2025-12-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tozed | zlt_m30s | 1.47 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1191 | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the TOZED ZLT M30s device (up to version 1.47) in its UART (Universal Asynchronous Receiver-Transmitter) debug interface. Due to improper access control, the debug interface exposes sensitive information such as current and factory default Wi-Fi credentials in plain text during boot and factory reset processes. An attacker with physical access to the device can exploit this flaw to retrieve these credentials, potentially gaining unauthorized network access. The vulnerability is difficult to exploit and requires physical access to the device. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive Wi-Fi credentials stored on the device, allowing an attacker with physical access to gain unauthorized access to the network. This compromises the confidentiality of the device and the network it connects to. Since the debug interface lacks proper access control, attackers can manipulate it to extract sensitive information, potentially leading to further security breaches within the network environment. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires physical access to the TOZED ZLT M30s device and involves the UART debug interface exposing Wi-Fi credentials in plain text during boot or factory reset. Detection involves physically connecting to the UART interface and monitoring the debug output for exposure of sensitive information such as Wi-Fi credentials. Specific commands are not provided in the resources, but using a serial terminal program (e.g., minicom, PuTTY) to connect to the UART interface and observing the boot or reset logs can reveal the vulnerability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to the affected TOZED ZLT M30s devices to prevent attackers from connecting to the UART debug interface. Since no vendor patch or countermeasure is available, it is recommended to replace affected devices with alternative products that do not have this vulnerability. Additionally, avoid exposing devices in unsecured physical environments. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability exposes Wi-Fi credentials in plain text via the UART debug interface, potentially allowing unauthorized physical access to sensitive network information. This exposure of sensitive information could lead to non-compliance with data protection standards such as GDPR and HIPAA, which require safeguarding of sensitive data and prevention of unauthorized access. However, the exploit requires physical access and is difficult to execute, somewhat limiting the risk. No explicit mention of compliance impact or regulatory consequences is provided in the resources. [1, 2]