Waveshare Serial Gateway Plaintext Credential Disclosure (CVE-2025-63364)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Overview CVE ID: CVE-2025-63364 CVSS v3.1 Base Score: 7.5 (High) CVSS v4.0 Base Score: 8.7 (High) Vendor: Waveshare Electronics Device: Waveshare RS232/485 to WIFI ETH (B) Serial-to-Ethernet/Wi-Fi Gateway 2. Vulnerability Description Affected Product: Waveshare RS232/485 to WIFI ETH (B) - Firmware Version: V3.1.1.0 - Hardware Version: 4.3.2.1 - Web Interface Version: V7.04T.07.002880.0301 Vulnerability Details: The device uses HTTP Basic Authentication for admin login. Due to lack of HTTPS support, all authentication requests are sent in plaintext. Passwords are included in the Base64-encoded Authorization header, which is reversible, making credential recovery trivial. 3. Risk Assessment Credentials are transmitted in Base64 encoding (not encrypted), making interception easy. No TLS/HTTPS support, exposing all authentication traffic. Attackers on the same subnet can passively sniff credentials. Once compromised, attackers can modify serial routing, manipulate network settings, or further penetrate ICS/IoT networks. Exposure may lead to unauthorized device reconfiguration or operational disruption. In environments where serial devices bridge critical automation systems, a compromised gateway may impact process reliability and safety. 4. Attack Scenarios Scenario 1: Passive Network Sniffing – Attackers on the same LAN or Wi-Fi network capture HTTP traffic and extract credentials. Scenario 2: Rogue Access Point – If the device is configured for Wi-Fi, attackers can create a malicious AP to intercept connections. Scenario 3: ARP Poisoning – Man-in-the-middle attacks can capture login attempts undetected. Scenario 4: Compromised Workstation – A malware-infected configuration workstation can read outgoing Authorization headers. 5. Mitigation Measures User Recommendations - Avoid configuring devices on public or shared networks. - Segment device access to a management VLAN if possible. - Rotate admin credentials regularly. - Monitor for suspicious login attempts. - Review CISA guidance on ICS network segmentation. Vendor Recommendations - Implement HTTPS/TLS support. - Replace Basic Authentication with token-based or session-based authentication. - Provide local certificate generation or import options. - Mask sensitive fields in all web responses. 6. Disclosure Timeline September 16, 2025 – Researcher reported the vulnerability to Waveshare. September 23, 2025 – Vendor acknowledged the report. September 23–27, 2025 – Researcher requested detailed remediation timeline; none provided. September 27, 2025 – Researcher escalated to MITRE. September 29, 2025 – Reported to MITRE for CVE assignment. November 10, 2025 – CVE reserved. November 11, 2025 – Public disclosure.

Goal Reached Thanks to every supporter — we hit 100%!

Waveshare Serial Gateway Plaintext Credential Disclosure (CVE-2025-63364)