CVE-2025-63363
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| waveshare | rs232\/485_to_wifi_eth_\(b\)_firmware | 3.1.1.0 |
| waveshare | rs232\/485_to_wifi_eth_\(b\) | 4.3.2.1 |
| waveshare | rs232/485_to_wifi_eth_(b)_firmware | 3.1.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-300 | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to a lack of Management Frame Protection in the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0. It allows attackers to send crafted deauthentication and disassociation frames without authentication or encryption, enabling them to perform de-authentication attacks against the device.
How can this vulnerability impact me? :
The vulnerability can allow attackers to disrupt network connectivity by forcing devices to disconnect from the Wi-Fi network through de-authentication attacks. This can lead to denial of service or interruption of communication for devices relying on the affected gateway.