Primary

Context

Jinan USR IOT Technology Limited USR-W610 Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in the web management interface of the Jinan USR IOT Technology Limited USR-W610 device, allowing administrators to set usernames and passwords to blank values. Once these empty credentials are applied, the device can be accessed via the web management interface and Telnet service without authentication. This flaw effectively disables authentication on critical management channels, enabling any network-adjacent attacker to gain full administrative control without credentials.

Impact

Exploitation of this vulnerability disables authentication, allowing unauthorized access to administrative controls via the web management interface and Telnet service.

Remediation

Jinan USR IOT Technology Limited has declared the USR-W610 product end-of-life and will not issue a patch. Users are advised to contact PUSR and keep their systems updated.

Added: Feb 20, 2026, 5:50 PM

Updated: Feb 20, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jinan USR IOT Technology Limited USR-W610 Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating