CVE 9.8 CRITICAL

Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements_CVE-2026-25715

February 20, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. This effectively disables
authentication across all critical management channels, allowing any
network-adjacent attacker to gain full administrative control without
credentials.

AI Analysis

Weak password requirements allow authentication with empty credentials, enabling full administrative control without credentials.

Basic Information

ID CVE-2026-25715

Source icscert

Published Feb 20, 2026 at 15:56

Modified Feb 20, 2026 at 15:58

Affected Product

Vendor Jinan USR IOT Technology Limited (PUSR)

Product USR-W610

Affected Versions Jinan USR IOT Technology Limited (PUSR) USR-W610 0

CWE Classification

CWE-521

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Jinan USR IOT Technology Limited (PUSR)

Product USR-W610

References

{
    "lastseen": "",
    "description": "The web management interface of the device allows the administrator \nusername and password to be set to blank values. Once applied, the \ndevice permits authentication with empty credentials over the web \nmanagement interface and Telnet service. This effectively disables \nauthentication across all critical management channels, allowing any \nnetwork-adjacent attacker to gain full administrative control without \ncredentials.",
    "published": "2026-02-20T15:56:16.805Z",
    "modified": "2026-02-20T15:58:41.421Z",
    "type": "cve",
    "title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json",
    "id": "CVE-2026-25715",
    "bulletinFamily": "",
    "cwe": [
        "CWE-521"
    ],
    "cvelist": null,
    "sourceData": "Jinan USR IOT Technology Limited (PUSR) USR-W610 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "USR-W610",
    "version": "0",
    "vendor": "Jinan USR IOT Technology Limited (PUSR)",
    "ai_description": "Weak password requirements allow authentication with empty credentials, enabling full administrative control without credentials.",
    "ai_severity": "Critical",
    "ai_vendor": "Jinan USR IOT Technology Limited (PUSR)",
    "ai_product": "USR-W610",
    "ai_version": "0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply