CVE-2025-63364 – The Waveshare RS232/485 TO WIFI ETH (B) Serial ... (How to Fix)

Q: What is the severity of CVE-2025-63364?

CVE-2025-63364 has a CVSS score of 7.5 (HIGH). The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway transmits administrator credentials in plaintext during authentication. This allows attackers to intercept login credentials and gain administrative access to the device. All users of the affected firmware version are vulnerable.

📋 TL;DR

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway transmits administrator credentials in plaintext during authentication. This allows attackers to intercept login credentials and gain administrative access to the device. All users of the affected firmware version are vulnerable.

💻 Affected Systems

Products:

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway

Versions: Firmware V3.1.1.0 with HW 4.3.2.1 and Webpage V7.04T.07.002880.0301

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the web interface authentication mechanism.

📦 What is this software?

Rs232\/485 To Wifi Eth \(b\) Firmware by Waveshare

View all CVEs affecting Rs232\/485 To Wifi Eth \(b\) Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control of the device, allowing them to reconfigure settings, intercept serial communications, or use the device as a pivot point into connected industrial/OT networks.

🟠

Likely Case

Credential theft leading to unauthorized access, configuration changes, and potential disruption of serial communication services.

🟢

If Mitigated

Limited to credential exposure without successful exploitation if strong network segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH - Plaintext credentials transmitted over internet-accessible interfaces can be easily intercepted.

🏢 Internal Only: MEDIUM - Internal attackers or compromised hosts on the same network segment could intercept credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires network access to intercept authentication traffic. The referenced GitHub post demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: No

Instructions:

Check Waveshare website for firmware updates. If available, download and apply the latest firmware through the device's web interface.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the device from untrusted networks and limit access to authorized management hosts only.

VPN/Encrypted Tunnel

all

Require VPN or encrypted tunnel for all administrative access to the device.

🧯 If You Can't Patch

Change default credentials and implement strong password policies
Monitor network traffic for plaintext credential transmission and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Use network monitoring tools (Wireshark, tcpdump) to capture authentication traffic to the device's web interface and check if credentials are transmitted in plaintext.

Check Version:

Check firmware version in device web interface under System Information or similar menu.

Verify Fix Applied:

After applying any firmware update, repeat the network capture to verify credentials are now encrypted.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts followed by successful login from unusual IP
Configuration changes from unexpected sources

Network Indicators:

Plaintext HTTP POST requests containing 'password' or similar fields to device management interface
Unusual outbound connections from the device

SIEM Query:

source_ip="device_ip" AND http_method="POST" AND (http_uri CONTAINS "/login" OR http_uri CONTAINS "/auth") AND http_content CONTAINS "password="

📊 Metadata

CVE ID: CVE-2025-63364

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-319

EPSS Score: 0.03% exploit probability (6.7th percentile)

Published: December 4, 2025

Last Updated: December 16, 2025

🔗 References

https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing Exploit,Third Party Advisory
https://otsecverse.github.io/OTSecVerse/posts/Post-4/ Third Party Advisory,Mitigation

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63364, you might also want to check these: