‹ Back to ICS Advisories

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter

CRITICAL

CVSS 9.8

Date 2026-05-28T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device.

// Vulnerabilities (1)

CVE ID	CVSS Score	Severity	Description
CVE-2026-7786	9.8	critical	The device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

// Remediations (1)

Mitigation: Jinan USR IOT Technology Limited (PUSR) did not respond to CISA's attempts at coordination. Users of

Jinan USR IOT Technology Limited (PUSR) did not respond to CISA's attempts at coordination. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.

// References

CISA ICSA-26-148-02
CISA https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-148-02.json
CISA https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-02
CISA https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
CISA https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
CISA https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
CISA https://www.cisa.gov/topics/industrial-control-systems
CISA https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01
CISA https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
CISA https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b
CISA https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing
CISA https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks