CVE-2026-7786 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 t… | CVSS 9.8 CRITICAL

Description

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

Metadata

CVE ID: CVE-2026-7786
State: PUBLISHED
Assigner: icscert
Reserved: 2026-05-04 16:07 UTC
Published: 2026-05-29 17:11 UTC
Last updated: 2026-05-29 19:31 UTC
Primary CWE: CWE-798
CWE-798
Vendor / Product: Jinan USR IOT Technology Limited (PUSR) / USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Jinan USR IOT Technology Limited (PUSR)	USR-W610 RS232/485 to Wi-Fi/Ethernet Converter	—	7.03T.07

Weakness (CWE)

CWE	Source	Description
CWE-798	cna	CWE-798

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)