External risk intelligence

USR-W610 Firmware Exposes Plaintext Administrative Credentials

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-7786

Plaintext administrative credentials embedded in the firmware of Jinan USR IOT Technology Limited USR-W610 converters can be extracted through firmware analysis. This could allow unauthorized authentication to device services, potentially exposing connected industrial or IoT equipment.

4Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-7786

The affected product is a serial-to-Ethernet/Wi-Fi converter, which is a type of industrial networking gateway designed to bridge local hardware to network environments. These devices are frequently deployed to provide remote access or management connectivity for industrial or IoT equipment, often placing them in a position where they are exposed to network-accessible segments or the internet.

PCI scan relevance

PCI Relevance for CVE-2026-7786

Yes

CVE-2026-7786 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows for the extraction of plaintext administrative credentials, potentially leading to authentication bypass and unauthorized access, which would cause a PCI ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A security vulnerability has been identified in certain Jinan USR IOT Technology Limited devices, specifically affecting firmware that contains hardcoded administrative credentials. This means sensitive information could be exposed, potentially allowing unauthorized access to the device's management functions. The main concern is confirming relevance and exposure within our environment.

Embedded credentials allow unauthorized access.
Affects critical industrial network converters.
Confirm device relevance and assess exposure.

Attack Path

How an attacker could exploit the issue

An attacker can obtain plaintext administrative credentials by analyzing the device's firmware. Once these credentials are found, the attacker can use them to authenticate to the device's services without needing any special access or privileges. This access allows the attacker to potentially control the device and any connected systems.

Entry condition: Firmware analysis.
Trigger point: Device authentication.
Resulting risk: Complete device compromise.

Live Threat

Current exploitation, exposure, and threat context

Plaintext administrative credentials embedded in the firmware of this serial-to-Ethernet/Wi-Fi converter could be extracted through firmware analysis. When supported by the advisory, these credentials may then be used to authenticate to device services, potentially exposing connected industrial or IoT equipment.

Device administrative access.
Firmware analysis exposes credentials.
Unauthorized access to connected systems.

Operational Fix

Recommended remediation, mitigation, and detection steps

The USR-W610 converter's firmware contains plaintext administrative credentials, posing a significant risk due to potential unauthorized access. System owners and network security teams should lead the initial response by identifying all deployed devices, assessing their network exposure and business criticality, and confirming accountability for remediation. Planning for updates or replacements should be prioritized based on risk, with vendor coordination likely necessary.

Device and network owners should be accountable.
Verify device reachability and criticality.
Plan for vendor-coordinated remediation.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is the USR-W610 converter used for?

The USR-W610 is a serial-to-Ethernet/Wi-Fi gateway manufactured by Jinan USR IOT Technology Limited. It serves as a bridge that connects local industrial or IoT serial hardware to modern network environments, enabling remote communication and management for devices that would otherwise lack network connectivity.

What does CWE-798 mean for CVE-2026-7786?

CWE-798 refers to the use of hard-coded credentials. In this specific vulnerability, the firmware contains administrative passwords in plaintext. This is a design weakness where security keys are permanently embedded in the software, allowing anyone who can access the firmware image to easily extract the credentials and gain full administrative control over the device.

How are these credentials triggered?

An attacker must first obtain and analyze the device firmware to recover the plaintext credentials. Once extracted, these credentials can be used to authenticate directly to the device's management services. Simply browsing or interacting with the device normally over the network will not trigger the vulnerability; the attacker must perform the offline analysis step first to acquire the secret data.

Is my device at risk based on Halo Surface Signal?

Halo Surface Signal indicates the USR-W610 is often deployed to provide remote management, which frequently results in these converters being placed on internet-accessible or network-exposed segments. If your device is reachable from outside your local network, the risk is higher because an attacker does not need physical access to target the device services.

How should I respond to this vulnerability?

First, identify all deployed USR-W610 units in your environment and confirm their current network exposure and business criticality. Coordinate with your team to maintain accountability for these assets, and prepare for potential firmware updates or device replacements by tracking official guidance from the vendor to address the embedded credential issue.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.