CVE-2026-7786 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-7786 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-7786 is a hardcoded plaintext credential vulnerability affecting the firmware of the Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter, a serial-to-network device commonly used in industrial and operational technology environments.
Technical Detail
The USR-W610 firmware contains administrative credentials stored in plaintext directly within the firmware image, meaning any party who extracts or inspects the firmware binary can recover valid credentials without any reverse engineering of encrypted or obfuscated data. An attacker who obtains the firmware -- through direct device access, public firmware repositories, or network interception -- can use these credentials to authenticate to the device's administrative interface and gain full control. Successful exploitation enables complete device compromise, including configuration modification, traffic interception across bridged serial and network interfaces, and potential lateral movement into connected OT or IT networks.
Exploitation Status
No known exploit code has been publicly documented for this vulnerability as of June 05, 2026, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. However, the nature of the flaw -- static, recoverable credentials -- means exploitation requires no specialized tooling once the credentials are identified, significantly lowering the practical barrier to abuse.
Who Is Targeting This
No confirmed threat actor attribution has been established for this vulnerability. Research-inferred reporting associates REDCURL, SCATTEREDSPIDER, MUDDYWATER, MAGICHOUND, and LEAFMINER with this CVE at medium confidence; the motivation of each is currently unknown. These associations have not been independently verified through observed exploitation activity. No campaigns leveraging this vulnerability have been documented at this time.
What To Do
Organizations using the USR-W610 should check with Jinan USR IOT Technology Limited for an updated firmware release that removes hardcoded credentials and apply it immediately upon availability. In the interim, isolate USR-W610 devices behind network segmentation controls and restrict administrative interface access to trusted management hosts only, using firewall rules or VLAN separation. If the device's administrative interface is exposed to untrusted networks, take it offline or place it behind a VPN gateway until a patch is confirmed. Audit network traffic to and from these devices for anomalous authentication attempts or configuration changes. Given the CVSS score of 9.8, this should be treated as a high-priority remediation item regardless of current exploitation status.
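One way to run the traffic audit described above, as an added example that is not part of the original briefing or any vendor tooling: it checks flow records for connections to a converter's administrative interface from outside the trusted management hosts. The device addresses, management subnet, admin ports and log format are all assumptions to replace with your own inventory and firewall export.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch (none of these values come from the advisory):
DEVICES = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/28")]  # trusted management hosts
ADMIN_PORTS = {80, 443}  # assumed admin interface ports; confirm per device

# Constructed flow records: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2026-06-05T08:00:01Z 10.20.99.5 10.20.0.11 80 ALLOW
2026-06-05T08:03:17Z 10.20.30.44 10.20.0.11 80 ALLOW
2026-06-05T08:03:19Z 10.20.30.44 10.20.0.12 80 ALLOW
2026-06-05T08:04:02Z 10.20.30.44 10.20.0.11 5000 ALLOW
2026-06-05T08:05:40Z 203.0.113.9 10.20.0.12 443 DENY
garbled line
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, action), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action
    except ValueError:
        return None

def audit(text):
    """Flag admin-interface flows whose source is not a trusted management host."""
    findings = []
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, dport, action = rec
        trusted = any(src in net for net in MGMT_NETS)
        if dst in DEVICES and dport in ADMIN_PORTS and not trusted:
            # ALLOW: the segmentation rule is missing. DENY: the rule held.
            severity = "policy-gap" if action == "ALLOW" else "blocked-probe"
            findings.append((ts, str(src), str(dst), dport, severity))
    return findings

def sources_by_count(findings):
    """Count findings per source address to prioritise follow-up."""
    return Counter(f[1] for f in findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

A `policy-gap` finding means an untrusted host reached the admin interface and the firewall or VLAN rule needs fixing; `blocked-probe` confirms the restriction is working but the source may still warrant review.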