| Title | TOZED ZLT M30s 1.47 Improper Access Control in Debug Interface |
|---|
| Description | An Information exposure vulnerability has been identified in the device's internal Universal Asynchronous Reciever-Transmitter (UART) debugging console. It logs the current and factory-set default Wi-Fi credentials in plain text during the boot and factory reset sequences respectively. However, physical access to the device is required to exploit this vulnerability. |
|---|
| Source | ⚠️ https://hacklab.eu.org/blogs/zlt_m30s_debug_interface |
|---|
| User | S33K3R (UID 92688) |
|---|
| Submission | 12/06/2025 22:14 (7 months ago) |
|---|
| Moderation | 12/25/2025 10:36 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338411 [TOZED ZLT M30s up to 1.47 UART Interface on-chip debug and test interface with improper access control] |
|---|
| Points | 18 |
|---|