Waveshare RS232/485 To WiFi ETH (B) Gateway Cleartext Transmission of Administrator Credentials Vulnerability

A vulnerability exists in the Waveshare RS232/485 to WiFi ETH (B) Serial-to-Ethernet/Wi-Fi Gateway, specifically in Firmware Version 3.1.1.0, Hardware Version 4.3.2.1, and Webpage Version V7.04T.07.002880.0301. This vulnerability allows for the transmission of administrator credentials in plaintext via HTTP Basic Authentication. The device lacks HTTPS support, leaving credentials exposed to interception by attackers on the same network.

Impact

Exploitation of this vulnerability allows for the interception of administrator credentials, which are transmitted as Base64-encoded strings in the Authorization header of HTTP requests. Once intercepted, these credentials can be easily decoded and used to gain full administrative control over the device. This access allows unauthorized users to alter device configurations, manipulate network settings, and potentially disrupt operations in critical industrial or IoT environments.

Reproduction

To reproduce this vulnerability, access the device's web interface over HTTP. Log in using valid administrator credentials, then capture the network traffic with a tool like Wireshark. After logging in, observe the Authorization header in the HTTP request, which will contain the Base64-encoded credentials. This demonstrates the cleartext transmission of sensitive information, as the intercepted credentials can be easily decoded and exploited.

Remediation

Waveshare should implement HTTPS/TLS support for all management interfaces, replacing HTTP Basic Authentication with a more secure method, such as session-based or token-based authentication. Additionally, users are advised to avoid configuring the device on public or shared networks, segment access to a management VLAN if possible, and monitor for suspicious login attempts.