Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Wi-Fi De-Authentication of Connected Clients in Waveshare RS232/485 TO WIFI ETH (B) 

Vulnerability 

Wi-Fi De-Authentication of Connected Clients: 
Absence of 802.11w or Management Frame Protection (MFP) allows unauthenticated attackers to broadcast crafted deauthentication and disassociation frames. 

Vulnerability Description 

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of Management Frame Protection (MFP or 802.11w), allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption.

This exposes the network to unauthorized disruptions, as attackers can disconnect clients using tools like aireplay-ng, undermining the availability and reliability of the Wi-Fi connection. The vulnerability persists despite the use of WPA2-PSK AES encryption for data frames, as management frames remain unprotected.  
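
A defender can confirm the condition described above by reading the RSN Capabilities field that an access point advertises in its beacons. The following is an added example, not code from the advisory or the vendor: it parses the RSN information element and reports whether 802.11w is required, optional, or not advertised. The sample beacon elements (SSID "demo", WPA2-PSK with CCMP) and the helper names are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN information element (802.11)
MFPR = 0x0040         # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080         # RSN Capabilities bit 7: management frame protection capable

def find_rsn(ies: bytes):
    """Walk the tagged parameters (id, length, body); return the RSN body or None."""
    i = 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + length]
        if len(body) < length:
            return None            # truncated element, stop parsing
        if eid == RSN_ELEMENT_ID:
            return body
        i += 2 + length
    return None

def mfp_status(ies: bytes) -> str:
    """Classify an AP's advertised 802.11w support from its beacon elements."""
    rsn = find_rsn(ies)
    if rsn is None:
        return "no-rsn"
    try:
        off = 2 + 4                                  # version + group cipher suite
        (pairwise,) = struct.unpack_from("<H", rsn, off)
        off += 2 + 4 * pairwise                      # pairwise suite list
        (akm,) = struct.unpack_from("<H", rsn, off)
        off += 2 + 4 * akm                           # AKM suite list
        (caps,) = struct.unpack_from("<H", rsn, off)
    except struct.error:
        caps = 0                   # capabilities field omitted: defaults to no MFP
    if caps & MFPR:
        return "required"
    return "capable" if caps & MFPC else "disabled"

def sample_ies(caps: int) -> bytes:
    """Constructed beacon elements: SSID 'demo' + WPA2-PSK/CCMP RSN element."""
    suite = lambda t: bytes.fromhex("000fac") + bytes([t])
    one = struct.pack("<H", 1)
    rsn = one + suite(4) + one + suite(4) + one + suite(2) + struct.pack("<H", caps)
    return bytes([0, 4]) + b"demo" + bytes([RSN_ELEMENT_ID, len(rsn)]) + rsn

if __name__ == "__main__":
    for caps in (0x0000, 0x0080, 0x00C0):
        print(f"caps=0x{caps:04x} -> {mfp_status(sample_ies(caps))}")
```

A result of "disabled" on a WPA2-PSK network corresponds to the state this advisory describes: data frames are encrypted, but deauthentication and disassociation frames are accepted without protection.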

Impact 

Prevents legitimate Wi-Fi access and disrupts data relay between serial and Ethernet interfaces. 

CVE ID 

CVE-2025-63363 

Vendor 

Waveshare Electronics 

Product 

Product Name: RS232/485 TO WIFI ETH (B)
Affected Version: Firmware V3.1.1.0 (HW 4.3.2.1, Webpage V7.04T.07.002880.0301)

CWE 

CWE-290 – Authentication Bypass by Capture-Replay 
CWE-693 – Protection Mechanism Failure 

CVSS v3.1 Scoring 

Base Score: 7.5 (High) 

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 

Disclosure Timeline 

  • 16 Sep 2025 — Initial report sent via Waveshare support portal with full disclosure report. 
  • 23 Sep 2025 — Vendor acknowledged receipt. 
  • 23 Sep 2025 — Researcher requested remediation timeline, CVD process, and CVE coordination details. 
  • 24 Sep 2025 — Vendor replied: “Information received; feedback will be taken into account in future research.” 
  • 24 Sep 2025 — Researcher requested confirmation on CVD process and timeline. 
  • 27 Sep 2025 — Vendor responded: “No specific timeline can be provided; security feedback will be considered in subsequent products.” 
  • 27 Sep 2025 — Researcher informed vendor case would be reported to MITRE for CVE assignment. 
  • 29 Sep 2025 — Reported to MITRE for CVE assignment. 
  • 10 Nov 2025 — CVE ID reserved. 
  • 11 Nov 2025 — Public advisory released. 

Credits 

Ranit Pradhan and Abhishek Pandey – Payatu Security Consulting Pvt. Ltd. 
