Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware Vulnerability

CRITICAL (9.8)
cwe-620authentication-bypassfirmware-vulnerabilityrs232485-to-wifi-ethserial-to-ethernetwifi-gatewaywaveshare

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 23%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway is a hardware device that allows users to convert serial connections to Wi-Fi. This vulnerability, discovered in firmware version 3.1.1.0 and hardware version 4.3.2.1, allows attackers to bypass authentication by setting the Administrator password and username as blank values.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

To fix this vulnerability, download the patched firmware from Waveshare's website: https://www.waveshare.net/downloads/

Immediate mitigations:

  • Restrict network access to your device (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation

References