Plaintext Credential Exposure in Jinan USR IOT Technology Limited Converter Firmware
CVE-2026-7786

9.8CRITICAL

Key Information:

Vendor: Jinan Usr Iot Technology Limited (pusr)
Status: Usr-w610 Rs232/485 To Wi-fi/ethernet Converter
Vendor: CVE Published:; 29 May 2026

🔔 Create Jinan Usr Iot Technology Limited (pusr) Vulnerability Alert

What is CVE-2026-7786?

The firmware of Jinan USR IOT Technology Limited's USR-W610 RS232/485 to Wi-Fi/Ethernet Converter contains embedded administrative credentials in plaintext. This security flaw allows attackers to analyze the firmware and extract sensitive authentication information. Once the credentials are obtained, unauthorized access to device services becomes possible, which could lead to severe security risks for connected systems.

Affected Version(s)

USR-W610 RS232/485 to Wi-Fi/Ethernet Converter 7.03T.07

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 4, 2026

Credit

Arun Mane and Omkar Mali reported this vulnerability to CISA.

CVE-2026-7786 Data

JSON