CRITICAL | CVE-2026-7786 | Published | Modified | CNA: icscert

CVE-2026-7786: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

HarborGuard Analysis

Synopsis

This is a hard-coded credentials flaw in the Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter, where administrative passwords are stored in plaintext inside the firmware image. The credentials can be extracted from a downloaded firmware copy, and anyone who can reach the device over the network can then use them to log in as an administrator, with no prior account or user interaction required. Successful login gives full control of the converter, including the data it bridges between serial and network interfaces. No upstream fix has been published; HarborGuard tracks the advisory and will make a patched-image rebuild available once vendor firmware lands.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment, with the CVE ingested from upstream ICS-CERT and NVD feeds within minutes of publication and matched against images and firmware artifacts in customer registries and CI pipelines. Coverage includes custom-built images and embedded firmware bundles that vendor the affected USR-W610 components.

Status: Available

Triage

Triage is available with the published CVSS 9.8 (Critical) score weighted against each customer's compliance policy, so an OT or ICS-tagged environment can escalate this further than a general-purpose workload. Findings route to the inbox configured for critical network-exposed device issues in each customer org.

Status: Available

Patch

No vendor fix is published yet, so a patched rebuild cannot be produced at this time. HarborGuard re-checks the ICS-CERT advisory on every ingest cycle and will make a patched-image rebuild available the moment upstream firmware ships; customers with auto-remediation enabled will then get a rebuild, regression-test run, and a PR opened against affected workloads automatically.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the converter's management services over the network (AV:N).

  • Authentication: Not required

    No prior account is needed; the hard-coded credentials extracted from firmware serve as the authentication (PR:N).

  • Victim interaction: Not required

    No user action on the device side is required for the login to succeed (UI:N).

  • Attack complexity (detail)

    Attack complexity is low: once the credentials are recovered from a firmware image, login is reliable and condition-free (AC:L).

Blast Radius

  • Authenticates as administrator on the USR-W610 and gains full control of the device's management interface.
  • Reads and exfiltrates serial traffic and network configuration bridged by the converter, including any credentials or process data flowing through it.
  • Modifies device configuration, firmware settings, and routing between RS232/485 and Wi-Fi/Ethernet, enabling tampering with downstream industrial equipment.
  • Disrupts or disables the converter, cutting the serial-to-network bridge and the systems that depend on it.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the ICS-CERT advisory for USR-W610 firmware 7.03T.07, with the CVE flagged Critical against any image or firmware bundle that ships the affected component. Until vendor firmware is released, compensating-control guidance is surfaced alongside the finding, including isolating the converter on a dedicated management VLAN, blocking its admin services from general network reachability, restricting egress, and gating any device-facing automation behind a feature flag. The moment an upstream fix is published, a patched-image rebuild becomes available automatically, and environments with auto-remediation enabled get a rebuild, regression run, and PR opened against affected workloads without manual intervention.

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in:
  • Affected products: 1
  • Affected packages: Jinan USR IOT Technology Limited (PUSR) / USR-W610 RS232/485 to Wi-Fi/Ethernet Converter, 7.03T.07
  • CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H