CVE-2026-7786
Deferred Deferred - Pending Action
Plaintext Admin Credentials in USR-W610 Firmware

Publication date: 2026-05-29

Last updated on: 2026-06-16

Assigner: ICS-CERT

Description
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-16
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-7786
EUVD
EUVD-2026-33374
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
jinan_usr_iot_technology_limited usr-w610 *
jinan_usr_iot_technology_limited pusr_usr-w610 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7786 is a critical vulnerability in the firmware of the Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device.

The firmware contains plaintext administrative credentials embedded within the firmware image. These credentials can be extracted by analyzing the firmware.

An attacker who obtains these credentials can authenticate to the device services with administrator-level access.

Impact Analysis

This vulnerability allows an attacker to gain unauthorized administrator access to the affected device.

With such access, the attacker can compromise the confidentiality, integrity, and availability of the device and its services.

This could lead to unauthorized control, data theft, disruption of device operations, or further network compromise.

Detection Guidance

This vulnerability involves plaintext administrative credentials embedded in the firmware image of the PUSR USR-W610 device. Detection typically requires firmware analysis to extract these credentials.

There are no specific commands provided in the available resources to detect this vulnerability directly on your network or system.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to minimize network exposure of the affected devices by isolating them behind firewalls.

Use secure remote access methods such as VPNs to access these devices.

Contact the vendor, PUSR, for any available updates or patches, although no response has been reported from them so far.

Additionally, follow guidance on securing industrial control systems as provided by CISA.

Compliance Impact

The vulnerability allows attackers to extract plaintext administrative credentials from the device firmware, enabling unauthorized access to device services. This unauthorized access can lead to compromise of confidentiality, integrity, and availability of data and systems.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure access controls to prevent unauthorized access and data breaches.

Organizations using affected devices should consider this vulnerability a significant risk to regulatory compliance and implement recommended mitigations such as minimizing network exposure, isolating devices behind firewalls, and using secure remote access methods.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7786. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart