One of the other things which you can perform on embedded devices to bypass security measures (such as no root shell on UART console) is to take advantage of glitching-based attacks.
Glitching, as the name suggests, is a way of introducing faults in the system that you are working with. This could be done in a number of various ways and there are separate books and research papers written solely on this topic.
For now, we will be looking at a very basic glitching-based attack overview. The goal of this is to be able to access the bootloader, which will allow us to change sensitive parameters such as the boot up args, where we can define our own arguments to tell the system to launch the UART console with a login prompt/shell or boot the system in a single user mode bypassing authentication.