Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
Summary
CISA has issued an alert for a critical vulnerability (CVE-2026-7786) in Jinan USR IOT Technology Limited's USR-W610 RS232/485 to Wi-Fi/Ethernet Converter. The vulnerability stems from hard-coded administrative credentials embedded in the firmware, which can be exploited for administrator access. The affected product is deployed worldwide, including in critical manufacturing sectors.
IFF Assessment
This vulnerability allows attackers to gain administrator access to critical infrastructure devices, posing a significant threat to operational security.
Severity
The CVSS score of 9.8 (Critical) is assigned due to the use of hard-coded credentials, which allows for straightforward authentication by an attacker with no special privileges. The attack vector is likely network, and the impact is high, granting administrative control over the device.
Defender Context
This alert highlights a critical vulnerability in an Industrial IoT (IIoT) device commonly found in critical infrastructure. Defenders should be aware of the risks associated with hard-coded credentials in such devices and prioritize checking for and mitigating this specific vulnerability if the USR-W610 is in their environment. The lack of vendor response is also a concern, underscoring the importance of proactive security assessments and vendor risk management.