exploitDog

CVE-2025-63362

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication.

Ссылки

https://drive.google.com/file/d/1AGv9KWMTB71NJfIOncuNO6FyK0UAqxmL/view?usp=sharing
Exploit
Third Party Advisory
https://otsecverse.github.io/OTSecVerse/posts/Post-2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:waveshare:rs232\/485_to_wifi_eth_\(b\)_firmware:3.1.1.0:*:*:*:*:*:*:*

cpe:2.3:h:waveshare:rs232\/485_to_wifi_eth_\(b\):4.3.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00169

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-620

Связанные уязвимости

GHSA-8j63-78xq-x2q3

CVSS3: 9.8

github

2 месяца назад

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication.

EPSS

Процентиль: 38%

0.00169

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-620