Waveshare Serial to Ethernet/Wi-Fi Gateway Firmware Vulnerability

MEDIUM (5.7) No Patch (10 days)
cwe-522firmware-vulnerabilityplaintext-passwordrs232485-to-wifi-ethwaveshare

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway is a network device that allows users to connect their devices to the internet using a serial connection. This vulnerability, discovered in firmware version 3.1.1.0, renders the Administrator password in plaintext, making it easily accessible to attackers.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Waveshare / RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway

How to fix

  1. Immediately update to firmware version 3.1.2.0 or later, which can be downloaded from the Waveshare website.
  2. If an immediate update isn't possible, restrict network access to your Waveshare device (firewall it from the public internet) and monitor for suspicious activity.

References