PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-67399 Airth CVE debrief

The AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 has a vulnerability that allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller. This issue has been assigned a CVSS score of 4.6, indicating a medium severity level. The vulnerability exists due to the UART port being open to access, allowing an attacker with physical access to the device to exploit this vulnerability and obtain sensitive information. Organizations and individuals using the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 should be aware of this vulnerability and take necessary precautions to prevent exploitation. Medium priority should be given to patching or mitigating this vulnerability.

Vendor
Airth
Product
Smart Home AQI Monitor Bootloader
CVSS
MEDIUM 4.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-14
Original CVE updated
2026-07-05
Advisory published
2026-01-14
Advisory updated
2026-07-05

Who should care

Organizations and individuals using the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The vulnerability exists in the UART port of the BK7231N controller, which is used in the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005. An attacker with physical access to the device can exploit this vulnerability to obtain sensitive information.

Defensive priority

High priority should be given to patching or mitigating this vulnerability due to the potential for sensitive information disclosure, even though physical access is required.

Recommended defensive actions

  • Inventory and assess the vulnerability of AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 devices
  • Implement compensating controls to monitor and restrict physical access to the devices
  • Apply patches or updates provided by the vendor, if available
  • Consider replacing the device with a newer version that is not vulnerable

Evidence notes

The CVE record was published on 2026-01-14T16:15:56.610Z and last modified on 2026-07-05T02:17:35.353Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope of affected deployments or specific exploitation details. Defenders should verify the applicability of this CVE to their environments through additional research and validation tasks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-14T16:15:56.610Z and has not been modified since then. The NVD entry is currently Modified.