Overview
CVE-2025-63361 details a critical security vulnerability found in the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway. Specifically, Firmware version V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 is susceptible to a flaw that renders the administrator password in plaintext. This means an attacker with access to the device’s webpage source code can easily obtain the administrator credentials, leading to a complete compromise of the device.
Technical Details
The vulnerability resides in how the Waveshare gateway’s web interface handles and stores the administrator password. Instead of using proper hashing or encryption techniques, the password is made directly available in the HTML source code of the web interface. By simply viewing the page source, an attacker can extract the plaintext password. This lack of basic security practices makes exploitation trivial.
CVSS Analysis
As of the publication date (2025-12-04), a CVSS score has not been assigned (N/A). However, given the severity of plaintext password exposure, it’s highly likely that a future analysis will result in a critical or high severity score. The Common Vulnerability Scoring System (CVSS) metrics will likely consider attack vector, attack complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
Possible Impact
The impact of this vulnerability is significant. Successful exploitation allows an attacker to:
- Gain complete administrative control over the Waveshare gateway.
- Modify device configuration, potentially disrupting operations.
- Access sensitive data transmitted through the serial ports.
- Use the compromised gateway as a pivot point to access other devices on the network.
- Potentially use the device in botnet attacks.
This vulnerability poses a significant risk to industrial control systems (ICS) and operational technology (OT) environments where these gateways are commonly used.
Mitigation or Patch Steps
Currently, no official patch is available from Waveshare as of this writing. Therefore, immediate mitigation steps are crucial:
- Isolate the Device: Segment the affected Waveshare gateway from the rest of the network to limit the potential for lateral movement by attackers.
- Monitor Network Traffic: Implement network monitoring to detect any suspicious activity originating from the gateway.
- Restrict Access: Limit access to the gateway’s web interface to only authorized personnel and require strong passwords for any other accessible services.
- Consider Alternative Solutions: If possible, consider replacing the vulnerable device with a more secure alternative.
- Contact Waveshare: Reach out to Waveshare support and demand a security patch or firmware update that addresses this vulnerability. Their response and remediation efforts are crucial.
Once a patch is released, it should be applied immediately following a thorough testing in a non-production environment.
