Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials

5.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Description

The web management interface of the device renders the passwords in a
plaintext input field. The current password is directly visible to
anyone with access to the UI, potentially exposing administrator
credentials to unauthorized observation via shoulder surfing,
screenshots, or browser form caching.

Basic Information

ID CVE-2026-26049

Source icscert

Published Feb 20, 2026 at 16:03

Modified Feb 20, 2026 at 16:07

Affected Product

Vendor Jinan USR IOT Technology Limited (PUSR)

Product USR-W610

Affected Versions Jinan USR IOT Technology Limited (PUSR) USR-W610 0

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "The web management interface of the device renders the passwords in a \nplaintext input field. The current password is directly visible to \nanyone with access to the UI, potentially exposing administrator \ncredentials to unauthorized observation via shoulder surfing, \nscreenshots, or browser form caching.",
    "published": "2026-02-20T16:03:56.928Z",
    "modified": "2026-02-20T16:07:25.350Z",
    "type": "cve",
    "title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json",
    "id": "CVE-2026-26049",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "Jinan USR IOT Technology Limited (PUSR) USR-W610 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "USR-W610",
    "version": "0",
    "vendor": "Jinan USR IOT Technology Limited (PUSR)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials_CVE-2026-26049