---
title: "Critical Flaw in PUSR USR-W610 Converter Grants Admin Access"
short_title: "PUSR USR-W610 hard-coded credentials flaw"
description: "A critical vulnerability (CVE-2026-7786) in PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet converters allows attackers to gain admin access. Learn mitigation steps now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [cve-2026-7786, hard-coded-credentials, iot-security, critical-vulnerability, pusr]
score: 0.92
cve_ids: [CVE-2026-7786]
---
## TL;DR
A critical vulnerability (CVE-2026-7786) in the PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet converter exposes hard-coded administrative credentials in its firmware. Attackers can exploit this flaw to gain full admin access, compromising industrial systems worldwide. Immediate mitigation is required to prevent potential breaches in critical manufacturing sectors.
Main Content
### Introduction
Industrial IoT devices are increasingly targeted by cybercriminals due to their widespread use in critical infrastructure. The Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet converter, a popular device for bridging serial and network communications, has been found to contain a severe vulnerability. This flaw, identified as CVE-2026-7786, involves hard-coded credentials embedded in the device’s firmware, allowing unauthorized access to administrative functions.
### Key Points
- Vulnerability: CVE-2026-7786 (CVSS 9.8, Critical) enables attackers to extract plaintext administrative credentials from the firmware.
- Affected Device: PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet converter (version 7.03T.07).
- Impact: Successful exploitation grants full admin access, potentially compromising industrial control systems (ICS) in critical manufacturing sectors.
- Global Deployment: The device is deployed worldwide, increasing the risk of widespread exploitation.
- Vendor Response: PUSR has not responded to coordination attempts by CISA, leaving users responsible for mitigating the risk.
### Technical Details
The vulnerability stems from the use of hard-coded credentials in the USR-W610’s firmware. These credentials are stored in plaintext and can be extracted through firmware analysis. Once obtained, attackers can authenticate to the device’s services, gaining unrestricted administrative access.
#### Attack Vector
- Exploitation Method: Attackers with network access to the device can extract the hard-coded credentials from the firmware image.
- Authentication Bypass: The credentials allow direct access to administrative functions without requiring user interaction.
- Potential Consequences: Unauthorized configuration changes, data exfiltration, or disruption of industrial processes.
### Impact Assessment
#### Severity and Scope
- CVSS Score: 9.8 (Critical), reflecting the high risk of exploitation and severe impact.
- Affected Sectors: Primarily critical manufacturing, but other industries using the device for serial-to-network conversion may also be at risk.
- Geographical Impact: The vulnerability affects devices deployed worldwide, amplifying the potential for large-scale attacks.
#### Real-World Implications
- Industrial Espionage: Attackers could gain access to sensitive industrial data or intellectual property.
- Operational Disruption: Unauthorized changes to device configurations could lead to downtime or safety incidents.
- Supply Chain Risks: Compromised devices may serve as entry points for further attacks on connected systems.
### Mitigation Steps
Given the lack of response from PUSR, users must take proactive measures to secure their devices:
1. Network Isolation
- Minimize network exposure for all control system devices. Ensure they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
2. Secure Remote Access
- When remote access is required, use secure methods such as Virtual Private Networks (VPNs).
- Ensure VPNs are updated to the latest version and configured with strong authentication.
3. Monitoring and Detection
- Implement intrusion detection systems (IDS) to monitor for suspicious activity.
- Regularly audit device logs for unauthorized access attempts.
4. Firmware Updates
- Contact PUSR to inquire about firmware updates or patches addressing this vulnerability.
- If no updates are available, consider replacing affected devices with secure alternatives.
5. Defensive Strategies
- Follow CISA’s recommended practices for control systems security, including defense-in-depth strategies.
- Review CISA’s ICS-TIP-12-146-01B for targeted cyber intrusion detection and mitigation strategies.
## Conclusion
The CVE-2026-7786 vulnerability in the PUSR USR-W610 converter highlights the critical risks posed by hard-coded credentials in industrial IoT devices. With a CVSS score of 9.8, this flaw represents a severe threat to organizations relying on these devices for serial-to-network communication. As PUSR has not responded to coordination efforts, users must act swiftly to isolate affected devices, implement secure remote access, and monitor for malicious activity.
Organizations are urged to stay vigilant, follow CISA’s mitigation guidelines, and prioritize the security of their industrial control systems. No known public exploitation has been reported yet, but the window for proactive defense is closing rapidly.
## References
[^1]: CISA. "ICSA-26-148-02: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter". Retrieved 2024-10-02.
[^2]: MITRE. "CWE-798: Use of Hard-coded Credentials". Retrieved 2024-10-02.
[^3]: CVE Details. "CVE-2026-7786". Retrieved 2024-10-02.