Critical Flaws in PUSR USR-W610 Impact Critical Manufacturing

Overview

Jinan USR IOT Technology Limited (PUSR) USR-W610 industrial gateways are affected by multiple critical and high-severity vulnerabilities that could permit complete device takeover, credential theft, or denial-of-service (DoS) conditions. These devices are predominantly utilized in the Critical Manufacturing sector worldwide to bridge serial-to-Wi-Fi communications. According to CISA Advisory ICSA-26-050-03, the vendor has classified these products as End-of-Life (EOL), meaning no security patches will be released to address these flaws.

Technical Analysis

The most severe vulnerability is CVE-2026-25715, which carries a CVSS base score of 9.8. This flaw resides in the web management interface and permits the administrator to set both the username and password to blank values. Once these empty credentials are saved, the device allows authentication without any password over both the web interface and the Telnet service. A network-adjacent attacker can exploit this to gain full administrative control, effectively removing the security boundary of the device.

Secondary vulnerabilities facilitate credential exposure and network disruption:

Credential Exposure (CVE-2026-24455 and CVE-2026-26049)

The USR-W610 lacks support for HTTPS/TLS, relying instead on HTTP Basic Authentication. Because traffic is only encoded (Base64) rather than encrypted, any attacker positioned on the same network can intercept management traffic to steal valid administrative credentials (CVE-2026-24455). Furthermore, the web interface displays passwords in plaintext within input fields. This design flaw, tracked as CVE-2026-26049, exposes secrets to unauthorized local observation, browser caching, or shoulder surfing.

Wireless Denial-of-Service (CVE-2026-26048)

The device fails to implement Management Frame Protection (MFP). This omission allows attackers to broadcast forged de-authentication or disassociation frames. Since these frames are unauthenticated and unencrypted, a malicious actor can force the gateway to disconnect from the wireless network, creating a persistent denial-of-service condition for critical industrial processes.

Strategic Impact

The intersection of high-severity vulnerabilities and EOL status creates a significant risk profile for industrial environments. Because these gateways often handle data for sensitive manufacturing equipment, an authentication bypass allows attackers to pivot deeper into the OT (Operational Technology) network or modify serial data streams. The lack of a vendor-supplied fix necessitates immediate defensive architecture changes rather than traditional patching cycles.

Recommendations and Mitigations

Since no patches are available, defenders must prioritize compensatory controls or hardware replacement:

• Network Isolation: Ensure USR-W610 devices are never directly accessible from the internet. Isolate OT networks from business networks using firewalls.
• VPN Utilization: If remote access is required, wrap all management traffic in an encrypted VPN tunnel to mitigate the risks associated with unencrypted HTTP/Telnet traffic.
• Wi-Fi Hardening: Monitor for abnormal de-authentication frame activity which may indicate exploitation of CVE-2026-26048.
• Hardware Lifecycle Management: Organizations should identify all deployed USR-W610 units and develop a migration plan to move toward supported hardware that implements modern security standards such as HTTPS and WPA3 with Management Frame Protection.