{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-03T14:21:30.382","vulnerabilities":[{"cve":{"id":"CVE-2026-25715","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-20T17:25:53.293","lastModified":"2026-06-17T10:25:05.823","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"ics-cert@hq.dhs.gov","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"The web management interface of the device allows the administrator \nusername and password to be set to blank values. Once applied, the \ndevice permits authentication with empty credentials over the web \nmanagement interface and Telnet service. This effectively disables \nauthentication across all critical management channels, allowing any \nnetwork-adjacent attacker to gain full administrative control without \ncredentials."},{"lang":"es","value":"La interfaz de gestión web del dispositivo permite que el nombre de usuario y la contraseña del administrador se establezcan a valores en blanco. Una vez aplicado, el dispositivo permite la autenticación con credenciales vacías a través de la interfaz de gestión web y el servicio Telnet. Esto deshabilita eficazmente la autenticación en todos los canales de gestión críticos, permitiendo a cualquier atacante adyacente a la red obtener control administrativo total sin credenciales."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Jinan USR IOT Technology Limited (PUSR)","product":"USR-W610","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-20T20:02:26.714876Z","id":"CVE-2026-25715","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-521"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03","source":"ics-cert@hq.dhs.gov"}]}}]}