CISA ICSA-26-148-02 USR IOT USR-W610 Hardcoded Credentials Advisory

Vulnerability Overview Vulnerability Name: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter CVE ID: CVE-2026-7786 CVSS Score: v3.9.8 Vulnerability Type: Use of Hard-coded Credentials Impact: Successful exploitation of this vulnerability may allow attackers to gain administrative access to the device. Affected Versions Affected Versions: USR-W610 RS232/485 to Wi-Fi/Ethernet Converter 7.03T.07 Critical Infrastructure Sector: Critical Manufacturing Deployment Region: Global Company Headquarters Location: China Remediation Recommended Practices: - Minimize the network exposure of all control systems devices and/or systems, ensuring they are not accessible from the Internet. - Place control systems networks and remote devices behind firewalls and isolate them from business networks. - When remote access is required, use more secure methods such as Virtual Private Networks (VPN), and recognize that VPNs may have vulnerabilities; update to the latest version. - Perform appropriate impact analysis and risk assessment before deploying defensive measures. - Implement recommended cybersecurity strategies to proactively defend ICS assets. - Follow internal procedures to report suspicious malicious activity. Additional Information Publication Date: May 28, 2026 Alert Code: ICSA-26-148-02 Related Topics: Industrial Control Systems Vulnerabilities, Industrial Control Systems Acknowledgments: Arun Mane and Omkar Mali reported this vulnerability to CISA. Tags Industry: Critical Manufacturing Topics: Industrial Control Systems Vulnerabilities, Industrial Control Systems Revision History Initial Publication Date: May 28, 2026 Revision: 1 Summary: Initial Release Legal Notice and Terms of Use This product is subject to the terms of this notice and the Privacy and Use Policy. Share Feedback We have recently updated the anonymous product survey and welcome your feedback. Related Advisories ABB EIBPORT ABB Busch-Welcome 2 Wire Door Opener Actuator XCharge C6 MacGregor Voyage Data Recorder (VDR) G4e Footer Information CISA Central 1-844-Say-CISA contact@cisa.dhs.gov Navigation Bar Topics Spotlight Resources & Tools News & Events Careers About Footer Links About CISA Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe The White House USA.gov Website Feedback Footer Icons Facebook X LinkedIn RSS Footer Logo Cybersecurity & Infrastructure Security Agency CISA.gov An official website of the U.S. Department of Homeland Security Footer Search Box Search Footer Buttons NO-COST CYBER SERVICES SECURE BY DESIGN SECURE YOUR BUSINESS SHIELDS UP REPORT A CYBER ISSUE Footer Copyright © 2026 Cybersecurity & Infrastructure Security Agency Footer Disclaimer An official website of the United States government Here's how you know Footer Language Selector English Footer Social Media Links Facebook X LinkedIn RSS Footer Contact Information 1-844-Say-CISA contact@cisa.dhs.gov Footer Navigation Links About CISA Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe The White House USA.gov Website Feedback Footer Social Media Icons Facebook X LinkedIn RSS Footer Logo Cybersecurity & Infrastructure Security Agency CISA.gov An official website of the U.S. Department of Homeland Security Footer Search Box Search Footer Buttons NO-COST CYBER SERVICES SECURE BY DESIGN SECURE YOUR BUSINESS SHIELDS UP REPORT A CYBER ISSUE Footer Copyright © 2026 Cybersecurity & Infrastructure Security Agency Footer Disclaimer An official website of the United States government Here's how you know Footer Language Selector English Footer Social Media Links Facebook X LinkedIn RSS Footer Contact Information 1-844-Say-CISA contact@cisa.dhs.gov Footer Navigation Links About CISA Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe The White House USA.gov Website Feedback Footer Social Media Icons Facebook X LinkedIn RSS Footer Logo Cybersecurity & Infrastructure Security Agency CISA.gov An official website of the U.S. Department of Homeland Security Footer Search Box Search Footer Buttons NO-COST CYBER SERVICES SECURE BY DESIGN SECURE YOUR BUSINESS SHIELDS UP REPORT A CYBER ISSUE Footer Copyright © 2026 Cybersecurity & Infrastructure Security Agency Footer Disclaimer An official website of the United States government Here's how you know Footer Language Selector English Footer Social Media Links Facebook X LinkedIn RSS Footer Contact Information 1-844-Say-CISA contact@cisa.dhs.gov Footer Navigation Links About CISA Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe The White House USA.gov Website Feedback Footer Social Media Icons Facebook X LinkedIn RSS Footer Logo Cybersecurity & Infrastructure Security Agency CISA.gov An official website of the U.S. Department of Homeland Security Footer Search Box Search Footer Butto

Goal Reached Thanks to every supporter — we hit 100%!

CISA ICSA-26-148-02 USR IOT USR-W610 Hardcoded Credentials Advisory

More from this source