HIGHCVE-2026-24455Published Modified CNA icscert
CVE-2026-24455: Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Information
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Jinan USR IOT Technology Limited (PUSR) / USR-W610≤ 3.1.1.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences