CVE Catalog

CVE-2026-7786

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

40th percentile — higher than 40% of all known CVEs

Summary

The firmware of the USR-W610 device by Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

Risk Assessment

The presence of plaintext credentials poses a significant security risk, allowing unauthorized users to gain access to the device and its functions.

Recommendation

It is recommended to update the device firmware to remove the embedded administrative credentials and implement strong authentication mechanisms.

Original NVD description (English source)

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS