CVE-2025-63361 – This vulnerability exposes the administrator pa... (How to Fix)

Q: What is the severity of CVE-2025-63361?

CVE-2025-63361 has a CVSS score of 5.7 (MEDIUM). This vulnerability exposes the administrator password in plaintext on the web interface of Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway devices. Attackers with network access can view the password, potentially gaining administrative control. Organizations using this specific firmware version are affected.

📋 TL;DR

This vulnerability exposes the administrator password in plaintext on the web interface of Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway devices. Attackers with network access can view the password, potentially gaining administrative control. Organizations using this specific firmware version are affected.

💻 Affected Systems

Products:

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway

Versions: Firmware V3.1.1.0 with HW 4.3.2.1 and Webpage V7.04T.07.002880.0301

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only this specific firmware/hardware/webpage version combination is confirmed affected. Other versions may also be vulnerable but not confirmed.

📦 What is this software?

Rs232\/485 To Wifi Eth \(b\) Firmware by Waveshare

View all CVEs affecting Rs232\/485 To Wifi Eth \(b\) Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full administrative takeover of the gateway device, allowing attackers to reconfigure serial-to-network communications, intercept or modify industrial data, or use the device as a pivot point into operational technology networks.

🟠

Likely Case

Unauthorized administrative access leading to device configuration changes, network disruption, or data interception from connected serial devices.

🟢

If Mitigated

Limited impact if device is isolated in a segmented network with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can easily discover and exploit this vulnerability to gain administrative access.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems on the same network segment can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires only web browser access to view the plaintext password. No special tools or authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates and apply if available.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the device in a separate VLAN or network segment with strict access controls.

Access Control Lists

all

Implement firewall rules to restrict web interface access to authorized IP addresses only.

🧯 If You Can't Patch

Change administrator password immediately and monitor for unauthorized access attempts.
Disable web interface if not required, or restrict to HTTPS-only access with strong authentication.

🔍 How to Verify

Check if Vulnerable:

Access the device web interface and check if administrator password is displayed in plaintext on any configuration page.

Check Version:

Check device web interface status page for firmware version: V3.1.1.0, HW 4.3.2.1, Webpage V7.04T.07.002880.0301

Verify Fix Applied:

Verify that password fields are masked or encrypted in the web interface after any firmware update.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts followed by successful login from unusual IP
Configuration changes from unauthorized IP addresses

Network Indicators:

HTTP requests to device web interface from unauthorized IPs
Unusual traffic patterns from the gateway device

SIEM Query:

source_ip IN (unauthorized_ips) AND destination_port=80 AND http_user_agent CONTAINS 'Mozilla' AND destination_ip=gateway_ip

📊 Metadata

CVE ID: CVE-2025-63361

CVSS v3 Score: 5.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-522

EPSS Score: 0.04% exploit probability (11.3th percentile)

Published: December 4, 2025

Last Updated: December 15, 2025

🔗 References

https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing Exploit,Third Party Advisory
https://otsecverse.github.io/OTSecVerse/posts/Post-1/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63361, you might also want to check these: