22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2025-63361

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext...

CVE-2025-63364

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext...

EUVD-2025-201261

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext...

EUVD-2025-201260

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication...

CVE-2025-63362

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication...

Waveshare RS232/485 TO WIFI ETH (B) 安全漏洞

Waveshare RS232/485 TO WIFI ETH B is a serial server from Waveshare China. A security vulnerability exists in Waveshare RS232/485 TO WIFI ETH B V3.1.1.0, which originates from allowing blank administrator credentials to be set, which could lead to authentication bypass...

CVE-2025-63364

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext...

CVE-2025-63362

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication...

CVE-2025-63361

The Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi‑Fi Gateway is affected by CVE-2025-63361. The issue concerns firmware 3.1.1.0 (HW 4.3.2.1) with Webpage 7.04T.07.002880.0301, where the Administrator password is rendered in plaintext via the device’s web interface. Impact is limited t...

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

Lantronix Telnet Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lantronix Telnet Password Recovery', 'Description' = %q This module retrieves the setup record from Lantronix serial-to-ethernet devices via the...

Westermo EDW-100

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : EDW-100 Vulnerabilities : Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

CVE-2024-36081

Westermo EDW-100 serial-to-Ethernet converter is affected by CVE-2024-36081. An unauthenticated GET request can download the device configuration, exposing cleartext usernames and passwords. Impact is rated CVSS v3.1 9.8 (CRITICAL) with network access, no user interaction. Affected firmware up to...

Siemens RUGGEDCOM ROS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens RUGGEDCOM Devices Information Disclosure Vulnerability

RUGGEDCOM ROS-based devices are typically switches and serial-to-Ethernet devices used to connect equipment that operates in harsh environments, such as electric utility substations and traffic control cabinets. An information disclosure vulnerability exists in Siemens RUGGEDCOM Devices, which ca...

Denial of Service Vulnerability in USR-TCP232-410S

There are people networking to the Internet of Things communication technology as the core, the launch of industrial communications, LPWAN and gateway, Internet of Things module, industrial control machine, network IO controller and other networking communication equipment, including...

Lantronix XPort Embedded Serial to Ethernet Device Server Detection

Binary data 279.prm...

Moxa NPort Serial-to-Ethernet Server Detection

Binary data scadamoxanportdetect.nbin...