CVE-2026-24455
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Description
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-319
Source
NVD
Vendor
Jinan USR IOT Technology Limited (PUSR)
Product
USR-W610
Discussion (0)
Add Comment
No comments yet. Be the first!