CVE-2026-7786

CRITICAL

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Title source: cna

Description

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

References (2)

Core 2

Core References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-02

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-02.json

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

Jinan USR IOT Technology Limited (PUSR)/USR-W610 RS232/485 to Wi-Fi/Ethernet Converter 7.03T.07

Published May 29, 2026

Tracked Since May 29, 2026