{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26048", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-02-10T15:52:10.274Z", "datePublished": "2026-02-20T16:06:17.626Z", "dateUpdated": "2026-02-20T16:06:17.626Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "USR-W610", "vendor": "Jinan USR IOT Technology Limited (PUSR)", "versions": [{"lessThanOrEqual": "3.1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Abhishek Pandey and Ranit Pradhan of Payatu Security Consulting reported this to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Wi-Fi router is vulnerable to de-authentication attacks due to the \nabsence of management frame protection, allowing forged deauthentication\n and disassociation frames to be broadcast without authentication or \nencryption. An attacker can use this to cause unauthorized disruptions \nand create a denial-of-service condition."}], "value": "The Wi-Fi router is vulnerable to de-authentication attacks due to the \nabsence of management frame protection, allowing forged deauthentication\n and disassociation frames to be broadcast without authentication or \nencryption. An attacker can use this to cause unauthorized disruptions \nand create a denial-of-service condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-20T16:06:17.626Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"}], "source": {"advisory": "ICSA-26-050-03", "discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to <a target=\"_blank\" rel=\"nofollow\">contact PUSR</a> and keep their systems up to date.\n\n<br>"}], "value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to contact PUSR and keep their systems up to date."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [{"sourceIdentifier": "ics-cert@hq.dhs.gov", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "The Wi-Fi router is vulnerable to de-authentication attacks due to the \nabsence of management frame protection, allowing forged deauthentication\n and disassociation frames to be broadcast without authentication or \nencryption. An attacker can use this to cause unauthorized disruptions \nand create a denial-of-service condition."}], "id": "CVE-2026-26048", "lastModified": "2026-02-20T17:25:53.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-02-20T17:25:53.450", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{}