Primary

Context

Jinan USR IOT Technology Limited USR-W610 Web Interface Authentication Vulnerability

Vulnerability

A vulnerability exists in the embedded web interface of the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, specifically in versions through 3.1.1.0. The issue arises because the web interface does not support HTTPS/TLS for authentication, relying instead on HTTP Basic Authentication. While the traffic is encoded, it is not encrypted, leaving user credentials, including those of administrators, exposed to passive interception by attackers on the same network.

Impact

Exploitation of this vulnerability allows for the interception of user credentials, including administrator rights, during transmission over the network.

Remediation

Jinan USR IOT Technology Limited (PUSR) has declared the USR-W610 product end-of-life and has no plans to issue a patch. Users are advised to contact PUSR and keep their systems updated.

Added: Feb 20, 2026, 5:52 PM

Updated: Feb 20, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jinan USR IOT Technology Limited USR-W610 Web Interface Authentication Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating