Vulnerability:
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access to the device can connect to the exposed UART interface and read sensitive information and dump or change the firmware from the serial console without authentication due to missing or improper access control.
Impact:
This vulnerability allows an attacker with physical access to the device to fully extract the
firmware and internal memory contents. As a result:
- Firmware Intellectual Property Exposure: Proprietary firmware, algorithms and
implementation details can be copied, reverse engineered or reused. - Credential and Key Disclosure: Sensitive data potentially stored in firmware or memory
(such as Wi-Fi credentials, encryption keys, or API tokens) may be exposed. - Device Cloning and Counterfeiting: Extracted firmware can be flashed onto other
hardware, enabling unauthorized device replication. - Firmware Modification and Malicious Reprogramming: Attackers could modify the
firmware to introduce malicious functionality, persistent backdoors, or altered device
behavior.
CVE ID:
CVE-2026-30613
Vendor:
AZIOT
Product:
Aziot 1Node Smart Switch
CVSS Score:
Base CVSS Score: 4.6
CVSS Base Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Disclosure Timeline:
Reported to vendor – 14-Jan-2026
Reported to MITRE – 03-Feb-2026
CVE ID Reserved – 23-Mar-2026
CVE Published – 06-Apr-2026
Credits:
Mohammad Natiq Khan – Payatu Security Consulting Pvt. Ltd.
