Plaintext Password Exposure in Web Management Interface of Affected Device
CVE-2026-26049

5.7MEDIUM

Key Information:

Vendor: Jinan Usr Iot Technology Limited (pusr)
Status: Usr-w610
Vendor: CVE Published:; 20 February 2026

🔔 Create Jinan Usr Iot Technology Limited (pusr) Vulnerability Alert

What is CVE-2026-26049?

The web management interface of the affected device exposes passwords in plaintext. This design flaw allows anyone with access to the user interface to view current passwords directly, risking unauthorized observation. Scenarios such as shoulder surfing, screenshots, or browser form caching can lead to the compromise of administrator credentials, highlighting significant security concerns for users of this device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

USR-W610 0 <= 3.1.1.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 10, 2026

Credit

Abhishek Pandey of Payatu Security Consulting reported this to CISA.

JSON

Jinan Usr Iot Technology Limited (pusr)