CVE-2025-15083

TOZED ZLT M30s UART on-chip debug and test interface with improper access control

CVSS 1 LOW · EPSS 0.2% · CWE-1191
In short

The TOZED ZLT M30s device has a UART debug interface that lacks proper access controls, allowing someone with physical access to the device to potentially interact with debugging features they shouldn't be able to reach.

Technical detail

A UART interface in TOZED ZLT M30s (up to version 1.47) implements insufficient access control on on-chip debug and test functions (CWE-1191). The attack requires direct physical access to the device's UART pins and involves complex manipulation, but poses a risk if an attacker gains physical possession of the hardware.

Summary generated and translated by AI from the official description.
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
TOZED · ZLT M30s
