Vulnerability in Web Interface of Device Lacking HTTPS Support by Vendor
CVE-2026-24455

7.5HIGH

Key Information:

Vendor: Jinan Usr Iot Technology Limited (pusr)
Status: Usr-w610
Vendor: CVE Published:; 20 February 2026

🔔 Create Jinan Usr Iot Technology Limited (pusr) Vulnerability Alert

What is CVE-2026-24455?

The device's web interface exposes significant security vulnerabilities by relying on HTTP Basic Authentication without supporting HTTPS/TLS. This approach means that while traffic is encoded, it remains unencrypted, making it susceptible to interception by attackers on the same network. As a result, user credentials can be easily captured, leading to unauthorized access and potential exploitation of the device. Implementing secure protocols is essential to mitigate these risks and protect sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

USR-W610 0 <= 3.1.1.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 10, 2026

Credit

Abhishek Pandey of Payatu Security Consulting reported this to CISA.

JSON

Jinan Usr Iot Technology Limited (pusr)

What is CVE-2026-24455?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.