CVE-2026-25715— Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-25715
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
Source: NVD (National Vulnerability Database)
Vulnerability Description
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all critical management channels, allowing any network-adjacent attacker to gain full administrative control without credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
弱口令要求
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jinan USR IOT USR-W610 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jinan USR IOT USR-W610是中国有人物联网(Jinan USR IOT)公司的一款串口转以太网转换器。 Jinan USR IOT USR-W610存在安全漏洞,该漏洞源于允许将管理员用户名和密码设置为空值,可能导致未经身份验证的攻击者获得完全管理控制权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 | 0 ~ 3.1.1.0 | - |
II. Public POCs for CVE-2026-25715
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-25715
请登录查看更多情报信息。
Same Patch Batch · Jinan USR IOT Technology Limited (PUSR) · 2026-02-20 · 4 CVEs total
| CVE-2026-26048 | 7.5 HIGH | Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Funct |
| CVE-2026-24455 | 7.5 HIGH | Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Infor |
| CVE-2026-26049 | 5.7 MEDIUM | Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials |
IV. Related Vulnerabilities
Same weakness: CWE-521
- CVE-2026-41038
Weak Password Policy Vulnerability in Quantum Networks Route - CVE-2026-6284
Horner Automation Cscape and XL4, XL7 PLC Weak password requ - CVE-2026-33771
CTP OS: Configuring password requirements does not work whic - CVE-2026-34203
Nautobot: Management of users via REST API does not apply co - CVE-2025-55269
HCL Aftermarket DPC is affected by Weak Password Policy vuln
V. Comments for CVE-2026-25715
No comments yet