CVE-2026-7786NVD

Vulnerability Summary

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

Severity Level

CRITICAL(9.8)

Published Date

May 29, 2026

Last Modified

Jun 1, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-798: Use of Hard-coded Credentials ↗

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

EPSS Score (30-Day)

0.05%Probability

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-02