CVE-2025-63362 is a critical authentication bypass vulnerability affecting the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway, specifically firmware version 3.1.1.0 with hardware version 4.3.2.1 and webpage version V7.04T.07.002880.0301. The vulnerability stems from improper validation in the device's web interface that allows an attacker to set the administrator username and password to blank values. This effectively disables authentication controls, granting unauthenticated remote attackers full administrative access to the device. The gateway acts as a bridge between serial RS232/485 industrial communication protocols and Ethernet/Wi-Fi networks, often deployed in industrial control systems (ICS), manufacturing environments, and networked serial device management. Exploiting this flaw requires no privileges or user interaction and can be performed remotely over the network, making it highly accessible to attackers. The CVSS v3.1 base score is 9.8, reflecting the critical impact on confidentiality, integrity, and availability. With full administrative control, attackers can manipulate device configurations, intercept or alter serial communications, disrupt network connectivity, or use the device as a foothold for lateral movement within an organization's network. No patches or official mitigations have been published yet, and no exploits are known to be active in the wild. The vulnerability is classified under CWE-620 (Authentication Bypass by Assumed-Immutable Data). Given the device's role in bridging legacy serial protocols with modern networks, exploitation could have cascading effects on industrial processes and operational technology (OT) environments.

For European organizations, the impact of CVE-2025-63362 is significant, especially for those operating in industrial sectors such as manufacturing, energy, transportation, and utilities where Waveshare serial-to-Ethernet/Wi-Fi gateways are deployed. Compromise of these gateways can lead to unauthorized access to critical control systems, manipulation of industrial data streams, and disruption of operational processes. This can result in production downtime, safety hazards, data breaches involving sensitive operational information, and potential regulatory non-compliance under frameworks like NIS2 and GDPR if personal or operational data is exposed. The ability to bypass authentication without any user interaction or privileges increases the risk of automated or widespread exploitation attempts. Additionally, attackers gaining control over these gateways could use them as pivot points to infiltrate broader enterprise networks, amplifying the threat to IT and OT convergence environments common in European industries. The lack of available patches further exacerbates the risk, necessitating immediate compensating controls to prevent exploitation.

1. Immediately isolate affected Waveshare RS232/485 TO WIFI ETH (B) devices from untrusted or public networks to reduce exposure. 2. Restrict network access to these devices using firewall rules or network segmentation, allowing only trusted management hosts to communicate with them. 3. Monitor network traffic and device logs for unusual access patterns or attempts to set blank administrator credentials. 4. Implement strict access control policies and multi-factor authentication on network segments hosting these devices where possible. 5. Engage with Waveshare or authorized vendors to obtain firmware updates or patches as soon as they become available. 6. Consider replacing vulnerable devices with alternative solutions that have stronger security postures if patching is delayed. 7. Conduct thorough security assessments of industrial and OT networks to identify all instances of this device and assess exposure. 8. Educate operational technology staff about this vulnerability and the importance of monitoring and controlling device access. 9. Employ network intrusion detection systems (NIDS) tuned to detect attempts to exploit authentication bypass behaviors. 10. Document and update incident response plans to include scenarios involving compromise of serial-to-Ethernet gateways.