CVE-2025-63364 identifies a security vulnerability in the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway, specifically firmware version 3.1.1.0 with hardware version 4.3.2.1 and web interface version V7.04T.07.002880.0301. The vulnerability involves the transmission of administrator credentials in plaintext over the network, which means that anyone with access to the network traffic can intercept these credentials using common network sniffing tools. This flaw arises because the device does not employ encryption or secure channels (such as HTTPS or other cryptographic protections) when handling sensitive authentication data. As a result, an attacker positioned on the same network segment or with the ability to monitor network traffic can capture the administrator username and password, gaining unauthorized access to the device’s management interface. This access can lead to further exploitation, including device configuration changes, network pivoting, or disruption of connected serial devices. The vulnerability is particularly concerning because the device serves as a gateway between serial communication protocols (RS232/485) and Ethernet/Wi-Fi networks, often used in industrial control systems, building automation, or other operational technology environments. No CVSS score has been assigned yet, and no public exploits are known, but the risk remains significant due to the sensitive nature of the credentials exposed and the critical role these devices play in networked environments.

For European organizations, the impact of this vulnerability can be substantial, especially in sectors relying on industrial automation, manufacturing, energy, and critical infrastructure where Waveshare serial-to-Ethernet/Wi-Fi gateways are deployed. Exposure of administrator credentials can lead to unauthorized device access, allowing attackers to manipulate device configurations, intercept or alter serial communications, or use the compromised device as a foothold to infiltrate broader network segments. This could result in operational disruptions, data breaches, or sabotage of industrial processes. The plaintext transmission of credentials also increases the risk in environments where network traffic is not fully encrypted or segmented, which is common in legacy or mixed-technology industrial networks. Additionally, the lack of immediate patches means organizations must rely on network-level defenses and monitoring to mitigate risk. The potential for lateral movement and escalation within networks makes this vulnerability a critical concern for maintaining operational continuity and data integrity in European industrial and enterprise environments.

1. Immediately segment networks to isolate the Waveshare gateway devices from general enterprise networks, restricting access to trusted administrators only. 2. Disable remote web management interfaces if not strictly necessary, or restrict access via firewall rules and VPNs to trusted IP addresses. 3. Employ network monitoring and intrusion detection systems to detect unusual access patterns or credential interception attempts. 4. Use encrypted tunnels (e.g., VPNs or SSH tunnels) for any remote management traffic until a firmware update is available. 5. Regularly audit device configurations and access logs for signs of unauthorized access. 6. Engage with Waveshare or authorized vendors to obtain firmware updates or patches as soon as they become available. 7. Consider replacing vulnerable devices with alternatives that support secure authentication and encrypted management interfaces if patching is delayed. 8. Educate operational technology and IT teams about the risks of transmitting credentials in plaintext and enforce strict credential management policies.