Key Vulnerability Information

1. Executive Summary

CVE ID: CVE-2025-63361
CVSS v3.1 Base Score: 5.7 (Medium)
CVSS v4.0 Base Score: 6.9 (Medium)
Attention: Exploitable remotely / low attack complexity
Vendor: Waveshare Electronics
Equipment: Waveshare RS232/485 TO WIFI ETH (B) Serial-to-Ethernet/Wi-Fi Gateway
Vulnerability: Insufficiently Protected Administrator Credentials (Plaintext Password Exposure)

2. Risk Evaluation

The administrator password is fully exposed in the UI and in the HTML source. Any authenticated user can extract the password, and an attacker can escalate to full administrative control. Exposure may also occur through shoulder surfing or cached UI content. Attackers may use the obtained credentials for further attacks.

3. Technical Details

3.1 Affected Products

Waveshare RS232/485 TO WIFI ETH (B)
- Firmware Version: V3.1.1.0
- Hardware Version: 4.3.2.1
- Web Interface: V7.04T.07.002880.0301

3.2 Vulnerability Description

The administrator password is displayed via:

Technical issues include:
- Incorrect implementation of the password field.
- Plaintext embedding in backend responses.
- Browser caching and developer consoles reveal the password.

3.3 Attack Scenarios

- Low-privilege user escalates privileges
- Shoulder surfing
- Remote desktop compromise
- Shared kiosk or maintenance machine

4. Mitigations

4.1 User Recommendations

- Restrict management interface access to isolated VLANs.
- Avoid exposing the device to untrusted networks.
- Disable browser auto-fill and clear the cache.
- Implement network segmentation.
- Use dedicated, secured workstations.
- Enforce strong physical access control.

4.2 Vendor Recommendations

- Replace password fields with properly masked UI elements.
- Remove plaintext passwords from backend responses.
- Use secure credential storage (hashed/salted).
- Implement API-level separation.
- Introduce TLS support.

5. Disclosure Timeline

- 16 Sep 2025: Initial report to Waveshare.
- 23 Sep 2025: Vendor acknowledgment.
- 27 Sep 2025: Disclosure through MITRE.
- 10 Nov 2025: CVE reserved.
- 11 Nov 2025: Public advisory released.

6. Background

The device is used in industrial automation, IoT sensor networks, smart metering, and more. Credential exposure risks lateral movement, configuration sabotage, or data interception.

7. Researcher

Abhishek Pandey
Payatu Security Consulting Pvt. Ltd.
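As an added illustration (not Waveshare's firmware code and not part of the original advisory), the following shows the flawed pattern described in section 3.2, a settings page that writes the stored administrator password into the form, beside the hardened pattern the vendor recommendations in section 4.2 call for (a masked field that is never pre-filled, and salted, hashed credential storage), plus a small audit check a defender can run over a saved copy of a device's settings page to confirm whether a password value is embedded in the response. The field name `admin_password`, the `/settings` path and all function names are assumptions chosen for the example.

```python
import hashlib
import hmac
import html
import os
import re

# Constructed sample store: a plaintext password as the flawed design keeps it.
# (Hypothetical value; not a credential from the advisory.)
SAMPLE_STORE = {"admin_password": "S3cret!pass"}


def render_settings_vulnerable(store):
    """Flawed pattern: the stored password is written straight into the page,
    unmasked, so it appears in the UI, the HTML source and the browser cache."""
    pw = html.escape(store["admin_password"], quote=True)
    return (
        '<form method="post" action="/settings">'
        '<input name="admin_password" type="text" value="%s">'
        "</form>" % pw
    )


def render_settings_hardened(_store_unused):
    """Hardened pattern: masked input, never pre-filled, auto-fill discouraged.
    The backend response no longer carries the secret at all."""
    return (
        '<form method="post" action="/settings">'
        '<input name="admin_password" type="password" value="" '
        'autocomplete="new-password">'
        "</form>"
    )


def hash_password(password, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256 record; this is what should be stored,
    instead of the plaintext, so the UI has nothing to echo back."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password, record):
    """Constant-time comparison against the stored record."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


# Audit check: inspect the password input in a saved settings page.
PASSWORD_INPUT = re.compile(r'<input[^>]*name="admin_password"[^>]*>', re.I)
TYPE_ATTR = re.compile(r'type="([^"]*)"', re.I)
VALUE_ATTR = re.compile(r'value="([^"]*)"', re.I)


def audit_response(body):
    """Return a list of findings for the password field in a page body:
    an unmasked field type, or a field that arrives pre-filled with a value."""
    findings = []
    for tag in PASSWORD_INPUT.findall(body):
        type_m = TYPE_ATTR.search(tag)
        if not type_m or type_m.group(1).lower() != "password":
            findings.append("password field not masked (type != password)")
        val_m = VALUE_ATTR.search(tag)
        if val_m and val_m.group(1):
            findings.append("password field pre-filled with a value")
    return findings


if __name__ == "__main__":
    print("vulnerable:", audit_response(render_settings_vulnerable(SAMPLE_STORE)))
    print("hardened:  ", audit_response(render_settings_hardened(None)))
```

The audit function works on a page body captured from the browser's "view source" or from the device's HTTP response; an empty findings list is the state the vendor recommendations describe. The hashed record is what the backend should persist, with `verify_password` used only when the administrator submits a new value.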