Search criteria
2 vulnerabilities found for USR-W610 RS232/485 to Wi-Fi/Ethernet Converter by Jinan USR IOT Technology Limited (PUSR)
CVE-2026-7786 (GCVE-0-2026-7786)
Vulnerability from nvd – Published: 2026-05-29 17:11 – Updated: 2026-05-29 17:11
VLAI
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Summary
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.
Severity
9.8 (Critical)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 RS232/485 to Wi-Fi/Ethernet Converter |
Affected:
7.03T.07
|
Date Public
2026-05-28 17:01
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610 RS232/485 to Wi-Fi/Ethernet Converter",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"status": "affected",
"version": "7.03T.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arun Mane and Omkar Mali reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-28T17:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eJinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter\u003c/span\u003e\n\u003cspan\u003edevice firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.\u003c/span\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter\ndevice firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T17:11:33.184Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-02.json"
}
],
"source": {
"advisory": "ICSA-26-148-02",
"discovery": "EXTERNAL"
},
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eJinan USR IOT Technology Limited (PUSR) did not respond to CISA\u0027s attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.\u003c/span\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) did not respond to CISA\u0027s attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-7786",
"datePublished": "2026-05-29T17:11:33.184Z",
"dateReserved": "2026-05-04T16:07:42.001Z",
"dateUpdated": "2026-05-29T17:11:33.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7786 (GCVE-0-2026-7786)
Vulnerability from cvelistv5 – Published: 2026-05-29 17:11 – Updated: 2026-05-29 17:11
VLAI
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Summary
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.
Severity
9.8 (Critical)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 RS232/485 to Wi-Fi/Ethernet Converter |
Affected:
7.03T.07
|
Date Public
2026-05-28 17:01
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610 RS232/485 to Wi-Fi/Ethernet Converter",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"status": "affected",
"version": "7.03T.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arun Mane and Omkar Mali reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-28T17:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eJinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter\u003c/span\u003e\n\u003cspan\u003edevice firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.\u003c/span\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter\ndevice firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T17:11:33.184Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-02.json"
}
],
"source": {
"advisory": "ICSA-26-148-02",
"discovery": "EXTERNAL"
},
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eJinan USR IOT Technology Limited (PUSR) did not respond to CISA\u0027s attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.\u003c/span\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) did not respond to CISA\u0027s attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-7786",
"datePublished": "2026-05-29T17:11:33.184Z",
"dateReserved": "2026-05-04T16:07:42.001Z",
"dateUpdated": "2026-05-29T17:11:33.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}