cbcvebase.
CVE-2026-26049
published 2026-02-20

CVE-2026-26049: The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to…

PriorityP434medium5.7CVSS 3.1
AVNACLPRLUIRSUCHINAN
EPSS
0.28%
19.9th percentile
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form caching.

Affected

1 ranges
VendorProductVersion rangeFixed in
jinan_usr_iot_technology_limitedusr-w610<= 3.1.1.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.