Critical Security Flaw Exposes Industrial IoT Converters

A critical vulnerability (CVE-2026-7786, CVSS 9.8) has been reported in Jinan USR IOT USR-W610 serial-to-Ethernet converters: hardcoded administrative credentials embedded in the device firmware can be extracted via basic firmware analysis, allowing attackers to authenticate, gain full administrative control, intercept or modify data, and potentially pivot into adjacent networks. The vendor did not respond to coordination attempts; recommended mitigating actions include isolating affected assets, disabling exposed management interfaces, and applying strict access control lists.