CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

AZIOT 1 Node Smart Switch 安全漏洞

AZIOT 1 Node Smart Switch is a single-node intelligent switching device developed by the Indian company AZIOT. Version 1.1.9 of AZIOT 1 Node Smart Switch contains a security vulnerability. This vulnerability stems from improper access control of the UART debugging interface, which may allow...

Multiple IP-KVM Vulnerabilities

RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...

CVE-2025-65396

Affected product: Blurams Flare Camera (versions 24.1114.151.929 and earlier). Vulnerability cause: In the boot process, a read error from the SPI flash memory is induced by shorting a data pin to ground, allowing a physically proximate attacker to hijack the boot mechanism and gain a bootloader ...

CVE-2022-50625

In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter "B Generic UART" in "ARM Server Base System Architecture" 1 documentation describes a generic UART interface. Such generic UART does not support DMA. In current...

EUVD-2020-20583

Malware in sbrugna...

EUVD-2022-46145

Malicious code in bioql PyPI...

EUVD-2025-13275

Malicious code in bioql PyPI...

CVE-2025-10991 Root Access via UART

The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907...

CVE-2023-30351

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service or UART by using the exposed credentials...

CVE-2020-28096

FOSCAM FHD X1 1.14.2.4 devices allow attackers with physical UART access to login via the ipc.fos password...

CVE-2025-44039

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive...

CVE-2025-32886

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...

PT-2024-4602 · Asus · Asus Rt-N12+ B1

Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 versions affected versions not specified ASUS RT-N12 D1 versions affected versions not specified Description: The issue is related to insufficient access control in the UART interface of the firmware of ASUS routers, allowing...

CVE-2023-49515

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components...

CVE-2023-30351

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service or UART by using the exposed credentials...

GSD-2023-1000672 serial: amba-pl011: avoid SBSA UART accessing DMACR register

serial: amba-pl011: avoid SBSA UART accessing DMACR register This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

Pwning smart garage door openers

TL;DR We reversed a smart garage door opener, which appeared pretty secure at first: The firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it had unique passwords per device But we found a way in, allowing us to open all the garage doors …And made it play...