CVE-2025-63363

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to execute de-authentication attacks against Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway devices by broadcasting crafted deauthentication and disassociation frames without authentication or encryption. This affects all users of the vulnerable firmware version, potentially disrupting serial-to-network communications.

💻 Affected Systems

Products:
  • Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway
Versions: Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices using Wi-Fi functionality. Wired-only configurations are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent denial-of-service attacks that completely disrupt all wireless communications of affected devices, potentially causing industrial/OT system downtime.

🟠 Likely Case

Intermittent network disconnections and communication failures for devices using wireless connectivity.

🟢 If Mitigated

Minimal impact if devices are used in wired-only mode or with proper network segmentation.

🌐 Internet-Facing: HIGH - Wireless interfaces exposed to attackers can be targeted remotely.
🏢 Internal Only: MEDIUM - Attackers within wireless range can still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

De-authentication attacks are well documented, and tools like aireplay-ng can be used to carry them out. The underlying weakness is that the device lacks Management Frame Protection (MFP/802.11w).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates.

🔧 Temporary Workarounds

Disable Wi-Fi and use wired connection

all

Configure device to use only Ethernet connectivity instead of Wi-Fi

Access device web interface > Network Settings > Disable Wi-Fi

Implement network segmentation

all

Isolate vulnerable devices in separate network segments with strict firewall rules

🧯 If You Can't Patch

  • Deploy wireless intrusion detection systems to monitor for de-authentication attacks
  • Physically secure devices to limit wireless access range

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in web interface. If using firmware V3.1.1.0 with Wi-Fi enabled, device is vulnerable.

Check Version:

Access device web interface at http://[device-ip] and check firmware version in System Information

Verify Fix Applied:

Verify Wi-Fi is disabled or device is updated to patched firmware version (when available).

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication failures
  • Unexpected device disconnections
  • Wi-Fi interface errors

Network Indicators:

  • High volume of deauthentication frames from single source
  • Spoofed MAC addresses in management frames

SIEM Query:

source="wireless" AND (event_type="deauth" OR event_type="disassoc") AND count > threshold
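
The network indicator and SIEM query above reduce to a per-source sliding-window count of deauth/disassoc events. The sketch below is an added example, not code from the vendor or from this advisory; the event format, MAC addresses, window and threshold are all constructed assumptions to be replaced with what your wireless IDS actually emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed sliding window
THRESHOLD = 5                   # assumed per-source frame count that is still normal
GATEWAY = "02:00:00:00:00:10"   # constructed MAC standing in for the gateway
NOISY = "02:00:00:00:00:66"     # constructed MAC of the flooding source
QUIET = "02:00:00:00:00:20"     # constructed MAC of a normally roaming client


def sample_log():
    """Constructed WIDS events: '<ISO time> <event_type> <src> <dst>'."""
    t0 = datetime(2025, 1, 1, 10, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} "
             f"{'deauth' if i % 2 == 0 else 'disassoc'} {NOISY} {GATEWAY}"
             for i in range(8)]
    lines.append(f"{t0.isoformat()} deauth {QUIET} {GATEWAY}")
    lines.append(f"{(t0 + timedelta(seconds=90)).isoformat()} deauth {QUIET} {GATEWAY}")
    lines.append(f"{(t0 + timedelta(seconds=3)).isoformat()} assoc {QUIET} {GATEWAY}")
    return sorted(lines)  # same-format ISO timestamps sort chronologically


def detect_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each source exceeding `threshold` deauth/disassoc frames per `window` to details."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for line in lines:
        ts_text, event_type, src, dst = line.split()
        if event_type not in ("deauth", "disassoc"):
            continue
        ts = datetime.fromisoformat(ts_text)
        seen = recent[src.lower()]
        seen.append((ts, dst.lower()))
        while ts - seen[0][0] > window:  # drop frames older than the window
            seen.popleft()
        if len(seen) > threshold:
            alert = alerts.setdefault(src.lower(), {"peak": 0, "targets": set()})
            alert["peak"] = max(alert["peak"], len(seen))
            alert["targets"].update(d for _, d in seen)
    return alerts


if __name__ == "__main__":
    for src, info in detect_floods(sample_log()).items():
        print(src, info["peak"], sorted(info["targets"]))
```

Because source addresses in unprotected management frames can be spoofed, treat the flagged source as a lead rather than an attribution, and consider also counting per destination so a flood aimed at the gateway is caught even when the source address varies.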
