High

Cleartext HTTP Basic Auth in PUSR USR-W610 embedded web interface (no HTTPS/TLS)

IdentifiersCVE-2026-24455CWE-319· Cleartext Transmission of…

CVE-2026-24455 is a cleartext transmission vulnerability in the embedded web management interface of the Jinan USR IOT Technology Limited (PUSR) USR-W610 Wi‑Fi router (reported affecting versions up to and including 3.1.1.0). The interface does not support HTTPS/TLS for authentication and instead uses HTTP Basic Authentication over HTTP. As a result, authentication traffic is only encoded (Base64) rather than encrypted, allowing credentials to be exposed to passive interception by an attacker with network visibility on the same network segment/path.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

An attacker who can passively observe management traffic (e.g., via same-L2 access, compromised network device, or other on-path position) can recover valid user credentials, including potentially administrative credentials, from HTTP Basic Authentication exchanges. This enables subsequent unauthorized access to the device’s management interface using the stolen credentials, with attendant confidentiality impact (credential disclosure) and potential follow-on administrative compromise depending on the privileges of the captured account.

Mitigation

If you can’t patch tonight, do this now.

Restrict reachability of the embedded web interface to trusted management networks only (e.g., dedicated management VLAN/VRF). Prevent untrusted L2/L3 adjacency and on-path exposure by using segmentation and network controls (ACLs/firewall rules) to limit which hosts can access the management interface. Avoid using the web interface over untrusted networks; prefer out-of-band or otherwise protected management paths where possible.

Remediation

Patch, then assume compromise.

No vendor fix or patched version information is provided in the available advisory content. Remediation would require a vendor firmware update that adds HTTPS/TLS support for the management interface (and disables/avoids HTTP Basic Authentication over cleartext), or replacement with a device/firmware that supports encrypted management sessions.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.

3 SOURCESView more in app

No news coverage yet. Advisories and community discussion only.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-24455

NVD

nvd.nist.gov/vuln/detail/CVE-2026-24455

MITRE CWE · CWE-319

Cleartext Transmission of Sensitive Information

github.com

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json

cisa.gov

cisa.gov/news-events/ics-advisories/icsa-26-050-03