Vulnerability:
The AIRTH Smart Home AQI Monitor uses a CB3S Bluetooth SoC based on the BK7231N chipset, running software version 2.1.17. After physically accessing the device and identifying the SoC, the exposed UART debug/programming pins were located using the publicly available datasheet. A direct connection to these pins via a USB-to-TTL converter and vendor-provided tools allowed unrestricted read access to the chip’s memory. As a result, the complete firmware could be extracted without any authentication or security checks. The issue is caused by the absence of hardware-level protections such as disabling of debug interfaces, read-out protection, or secure boot, which leaves firmware and memory open to unauthorized access through the UART interface.
Impact:
This vulnerability allows an attacker with physical access to the device to fully extract the firmware and internal memory contents. As a result:
· Firmware Intellectual Property Exposure: Proprietary firmware, algorithms and implementation details can be copied, reverse engineered or reused.
· Credential and Key Disclosure: Sensitive data potentially stored in firmware or memory (such as Wi-Fi credentials, encryption keys, or API tokens) may be exposed.
· Device Cloning and Counterfeiting: Extracted firmware can be flashed onto other hardware, enabling unauthorized device replication.
· Firmware Modification and Malicious Reprogramming: Attackers could modify the firmware to introduce malicious functionality, persistent backdoors, or altered device behaviour.
· Loss of User Privacy: Modified firmware could silently collect or transmit sensor data or network information without user consent.
While exploitation requires physical access, the absence of basic hardware security protections significantly lowers the barrier for firmware compromise and poses a serious risk to device security and intellectual property.
CVE ID:
CVE-2025-67399
Vendor:
Airth
Product:
AIRTH Smart Home AQI Monitor
CVSS Score:
Base CVSS Score: 6.8
CVSS Base Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Disclosure Timeline:
Reported to vendor – 26-Sept-2025
Reported to MITRE – 05-Dec-2025
CVE ID Reserved – 03-Jan-2026
CVE Published – 14-Jan-2026
Credits:
Rupesh B. Surve – Payatu Security Consulting Pvt. Ltd.