Jinan USR IOT Technology Limited USR-W610 Web Management Interface Password Exposure Vulnerability

A vulnerability exists in the web management interface of the Jinan USR IOT Technology Limited (PUSR) USR-W610) device, where passwords are displayed in a plaintext input field. This issue allows anyone with access to the user interface to see the current password, potentially leading to unauthorized observation of administrator credentials through shoulder surfing, screenshots, or browser form caching.

Impact

Exploitation of this vulnerability could result in unauthorized access to administrator credentials, allowing for potential misuse of administrative privileges.

Remediation

Jinan USR IOT Technology Limited (PUSR) has stated that the USR-W610 product is end-of-life and there are no plans to patch this vulnerability. Users are encouraged to contact PUSR and keep their systems up to date.