Machine-generated analysis · WAYSCloud LLM
The advisory states that hard-coded administrative credentials are present in the firmware of the affected device, which can be extracted and used to gain unauthorized access.
Context
The Jinan USR IOT Technology Limited (PUSR) USR-W610 is an RS232/485 to Wi-Fi/Ethernet converter used to bridge serial devices to networked environments. The advisory states that version 7.03T.07 contains hard-coded credentials in the firmware that can be extracted and used to authenticate to device services. This issue affects devices deployed worldwide, and the vendor did not respond to CISA's coordination attempts. The credentials are stored in plaintext, which makes them easily accessible through firmware analysis.
Operator considerations
Check: Inventory all USR-W610 devices running firmware version 7.03T.07
Isolate: Segment affected devices from critical networks and limit external access
Patch: No patch or mitigation is provided by the vendor; users are advised to contact PUSR directly
Log: Monitor authentication attempts to device services, especially for default or known credentials
Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device.
The following versions of Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter are affected:
USR-W610 RS232/485 to Wi-Fi/Ethernet Converter 7.03T.07
Vendor: Jinan USR IOT Technology Limited (PUSR)
Equipment: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
Use of Hard-coded Credentials
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China
The device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.