Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware Vulnerability

HIGH (7.5) No Patch (9 days)

Threat Intelligence

Low Risk
EPSS Score: 0.02% chance of exploitation (percentile: 3%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway is a network device that allows users to connect their devices to the internet via Wi-Fi. This vulnerability, discovered in firmware version 3.1.1.0, HW 4.3.2.1, and Webpage V7.04T.07.002880.0301, causes Administrator credentials to be transmitted in plaintext, posing a significant risk to users who have not properly secured their devices.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Waveshare / RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway

How to fix

To fix this vulnerability, you can:

  1. Update to a patched firmware version (version 3.1.1.0-1) from the Waveshare website.
  2. Apply immediate mitigations:
    • Set admin_password to a secure value in the /etc/waveshare/wifi.conf file using a command like sed -i 's/admin_password=.*$/admin_password="secure_value"/' /etc/waveshare/wifi.conf.
    • Restrict network access to your device by configuring your router's firewall rules.