CVE-2025-63362 – This vulnerability allows attackers to set blan... (How to Fix)

Q: What is the severity of CVE-2025-63362?

CVE-2025-63362 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to set blank administrator credentials on Waveshare serial-to-Ethernet/Wi-Fi gateways, enabling complete authentication bypass. Attackers can gain administrative control of affected devices, potentially compromising connected industrial or IoT systems. Organizations using these gateways in operational technology or industrial control environments are at risk.

📋 TL;DR

This vulnerability allows attackers to set blank administrator credentials on Waveshare serial-to-Ethernet/Wi-Fi gateways, enabling complete authentication bypass. Attackers can gain administrative control of affected devices, potentially compromising connected industrial or IoT systems. Organizations using these gateways in operational technology or industrial control environments are at risk.

💻 Affected Systems

Products:

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway

Versions: Firmware V3.1.1.0 with HW 4.3.2.1 and Webpage V7.04T.07.002880.0301

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware/hardware/webpage combination; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Rs232\/485 To Wifi Eth \(b\) Firmware by Waveshare

View all CVEs affecting Rs232\/485 To Wifi Eth \(b\) Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to reconfigure network settings, intercept serial communications, install malware, pivot to connected industrial systems, and disrupt critical operations.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, data interception, and potential lateral movement to connected systems.

🟢

If Mitigated

Limited impact if devices are isolated in segmented networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - Directly exposed devices can be compromised remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this if network segmentation is insufficient.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in referenced GitHub repository; exploitation requires only web access to device interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for firmware updates.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in dedicated VLANs with strict firewall rules

Access Control Lists

all

Restrict web interface access to trusted IP addresses only

🧯 If You Can't Patch

Remove devices from internet-facing networks immediately
Implement network monitoring for authentication attempts and configuration changes

🔍 How to Verify

Check if Vulnerable:

Attempt to set blank administrator credentials via web interface; if successful, device is vulnerable.

Check Version:

Check device web interface for firmware version information

Verify Fix Applied:

Test if blank credentials can still be set after applying any vendor updates.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication events
Configuration changes from unexpected sources
Multiple failed login attempts followed by successful login

Network Indicators:

HTTP requests to admin credential endpoints
Unusual traffic patterns from gateway devices

SIEM Query:

source="gateway" AND (event_type="auth" OR event_type="config_change") AND result="success"

📊 Metadata

CVE ID: CVE-2025-63362

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-620

EPSS Score: 0.18% exploit probability (39.3th percentile)

Published: December 4, 2025

Last Updated: December 15, 2025

🔗 References

https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing Exploit,Third Party Advisory
https://otsecverse.github.io/OTSecVerse/posts/Post-2/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63362, you might also want to check these: