[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-hardcoded-admin-passwords-found-in-usrw610-industrial-gateway":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":22,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},1011,"hardcoded-admin-passwords-found-in-usrw610-industrial-gateway","Hard‑coded admin passwords found in USR‑W610 industrial gateway","CISA flags a critical flaw in Jinan USR IOT’s USR‑W610 converter that could let attackers seize full control of the device.","A CISA advisory reveals that firmware for the USR‑W610 RS232\u002F485 to Wi‑Fi\u002FEthernet converter embeds plaintext admin credentials. The flaw scores 9.8 on the CVSS scale and applies to version 7.03T.07, a model used worldwide in critical manufacturing.\n\nThe vulnerability allows anyone who can extract the firmware – a straightforward reverse‑engineering step – to log in as administrator without authentication. Once inside, an attacker could reconfigure network settings, install malicious code, or move laterally into connected control‑system networks.\n\nFor operators, the risk is immediate: the device sits at the edge of industrial networks, often exposed to remote access for monitoring. hard‑coded passwords undermine the very premise of secure remote management and repeat a pattern seen in other IoT‑focused gear, where manufacturers prioritize cost over security.\n\nCISA notes no public exploits yet, but the advisory urges firewalls, VPNs, and strict network segmentation. The vendor has not responded, leaving users to rely on firmware updates or replacement.","[\"industrial-iot\",\"cybersecurity\",\"cisa\"]","2026-05-28T12:00:00.000Z","2026-06-16T03:53:39.091Z","2026-06-16T03:53:47.515Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fhardcoded-admin-passwords-found-in-usrw610-industrial-gateway.webp",[26,27,28],"industrial-iot","cybersecurity","cisa",[30],{"name":31,"url":32},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-148-02",0]