CVE-2022-29730
CRITICALUSR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 - Use of Hard-coded Credentials
Title source: llmDescription
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.pusr.com/
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5705.php
Scores
CVSS v3
9.8
EPSS
0.0165
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (5)
usr/usr-g800v2_firmware
1.0.36
usr/usr-g806_firmware
1.0.36
usr/usr-g807_firmware
1.0.36
usr/usr-g808_firmware
1.0.36
usr/usr-lg220-l_firmware
1.2.7
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026