CVE-2026-7786
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
The firmware of the USR-W610 device by Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.
Risk Assessment
The presence of plaintext credentials poses a significant security risk, allowing unauthorized users to gain access to the device and its functions.
Recommendation
It is recommended to update the device firmware to remove the embedded administrative credentials and implement strong authentication mechanisms.
Original NVD description (English source)
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

