CRITICAL🇵🇱 Wersja polska

CVE-2025-63362

CVSS 9.8v3.1pub. 2025-12-04upd. 2025-12-15

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication.

🤖 AI Analysis
How it works

The device's web interface (configuration page) does not validate the correctness of entered authentication data — it allows setting empty values for the administrator username and password fields (CWE-620: Unverified Password Change). An attacker can intentionally zero out the login credentials and then gain access to the administrative panel without providing any credentials. The attack requires no user interaction or prior authentication and can be conducted remotely over the network.

Impact

An attacker gains full administrative access to the device, enabling changes to network configuration and serial data transmission, potential takeover of connected OT/ICS devices, and breach of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until the fix is deployed, it is recommended to isolate the device from untrusted networks (network segmentation, firewall), and access to the web interface should be restricted exclusively to trusted hosts or management networks.

Who is affected

Waveshare RS232/485 TO WIFI ETH (B) with firmware V3.1.1.0, hardware version 4.3.2.1, and web interface Webpage V7.04T.07.002880.0301

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Waveshare Rs232\/485 To Wifi Eth \(b\)

    HW
    Waveshare
    4.3.2.1
  • Waveshare Rs232\/485 To Wifi Eth \(b\) Firmware

    OS
    Waveshare
    3.1.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-63363HIGH7.5ten sam produkt

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway ...

CVE-2025-63364HIGH7.5ten sam produkt

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7...

CVE-2025-63361MEDIUM5.7ten sam produkt

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7...