Submit #707974: TOZED ZLT M30s 1.47 Improper Access Control in Debug Interfaceinfo

TitleTOZED ZLT M30s 1.47 Improper Access Control in Debug Interface
DescriptionAn Information exposure vulnerability has been identified in the device's internal Universal Asynchronous Reciever-Transmitter (UART) debugging console. It logs the current and factory-set default Wi-Fi credentials in plain text during the boot and factory reset sequences respectively. However, physical access to the device is required to exploit this vulnerability.
Source⚠️ https://hacklab.eu.org/blogs/zlt_m30s_debug_interface
User
 S33K3R (UID 92688)
Submission12/06/2025 22:14 (7 months ago)
Moderation12/25/2025 10:36 (19 days later)
StatusAccepted
VulDB entry338411 [TOZED ZLT M30s up to 1.47 UART Interface on-chip debug and test interface with improper access control]
Points18

Interested in the pricing of exploits?

See the underground prices here!