CVE-2026-26049

Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials

CVSS 5.7 MEDIUMEPSS 0.3%CWE-522

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form caching.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected products

Jinan USR IOT Technology Limited (PUSR) · USR-W610

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03