CVE-2025-63364 identifies a vulnerability in the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway, specifically in Firmware version 3.1.1.0 with hardware version 4.3.2.1 and webpage version V7.04T.07.002880.0301. The vulnerability arises because the device transmits administrator credentials in plaintext over the network during web interface interactions. This is classified under CWE-319, which concerns the cleartext transmission of sensitive information. The CVSS v3.1 base score is 7.5, indicating a high severity level. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) shows that the attack is network-based, requires low attack complexity, no privileges, and no user interaction, with a high impact on confidentiality but no impact on integrity or availability. The plaintext transmission of admin credentials means an attacker with network access can easily intercept these credentials using packet sniffing tools, leading to unauthorized administrative access. This could allow attackers to manipulate device configurations or pivot to other network segments. No patches or fixes have been published yet, and no known exploits are reported in the wild. The device is typically used in industrial environments to bridge serial communication to Ethernet or Wi-Fi, making it a critical component in automation and control systems.

For European organizations, the primary impact is the compromise of administrator credentials leading to unauthorized access to the gateway device. This can result in exposure or manipulation of industrial control communications, potentially disrupting manufacturing processes or critical infrastructure operations. Confidentiality breaches could enable attackers to gather intelligence on network configurations or launch further attacks within the network. Since the device is often deployed in industrial automation, energy, transportation, and manufacturing sectors, the risk extends to operational technology (OT) environments where security is paramount. The lack of integrity or availability impact in the CVSS score suggests that direct disruption or data alteration is less likely, but unauthorized access could still facilitate such actions indirectly. The vulnerability's ease of exploitation without authentication or user interaction increases the risk, especially in networks with inadequate segmentation or monitoring. European organizations with these devices exposed to less secure networks or the internet face elevated risks of compromise.

1. Immediately isolate the affected Waveshare gateways from untrusted networks, ensuring they are only accessible within secure, segmented internal networks. 2. Implement VPNs or encrypted tunnels (e.g., IPsec, TLS) for all management traffic to prevent credential interception. 3. Monitor network traffic for unencrypted credential transmissions using intrusion detection systems (IDS) or network traffic analysis tools. 4. Restrict administrative access to the device by IP whitelisting and strong network access controls. 5. Regularly audit device configurations and logs for unauthorized access attempts. 6. Engage with Waveshare or vendors for firmware updates or patches as they become available. 7. Consider replacing or upgrading devices with more secure alternatives that do not transmit credentials in plaintext. 8. Educate operational technology and IT teams about this vulnerability and enforce strict network segmentation between IT and OT environments to limit exposure.