CVE-2026-7786 | THREATINT

Description

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

PUBLISHED Reserved 2026-05-04 | Published 2026-05-29 | Updated 2026-05-29 | Assigner icscert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-798

Product status

Default status

unaffected

7.03T.07

affected

Credits

Arun Mane and Omkar Mali reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-148-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-148-02.json

cve.org (CVE-2026-7786)

nvd.nist.gov (CVE-2026-7786)

Download JSON