CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2025-41697 Shell access to UART Console

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692...

CVE-2025-60856

Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...

CVE-2025-60856

Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges...

EUVD-2021-10261

Malware in sbrugna...

EUVD-2022-33741

Malicious code in bioql PyPI...

EUVD-2023-38070

Malicious code in bioql PyPI...

EUVD-2025-14395

Malicious code in bioql PyPI...

EUVD-2023-40139

Malicious code in bioql PyPI...

CVE-2023-33921

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to...

CVE-2023-33920

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with...

CVE-2022-29402

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVE-2021-23147

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVE-2025-44039

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive...

CVE-2025-44039

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive...

PT-2025-20904 · Unknown · Cp-Xr-De21-S

Name of the Vulnerable Software and Affected Versions: CP-XR-DE21-S -4G Router Firmware version 1.031.022 Description: The issue concerns insecure protections for the UART console, allowing local attackers to connect via a serial connection, read the boot sequence, and reveal internal system...

CVE-2025-44039

CVE-2025-44039 affects the CP-XR-DE21-S 4G router: firmware version 1.031.022 has insecure protections on the UART console. The issue allows a local attacker with serial access to connect to the UART port, view the boot sequence, and reveal internal system details and sensitive information withou...

CVE-2025-44039

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

CVE-2023-36160

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...