Critical Vulnerabilities Reported in PUSR USR-W610 Industrial IoT Devices

CISA and Jinan USR IOT Technology Limited report four vulnerabilities in its USR-W610 industrial converters, including a critical flaw that allows full administrative access via blank credentials. As the product is end-of-life and will not receive patches.

**If you are using Jinan USR IOT Technology Limited USR-W610, make sure they are isolated from the internet and accessible only from trusted networks and make sure all of the devices have complex passwords. Since these industrial IoT devices are end-of-life, plan a replacement with new supported hardware.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-pusr-usr-w610-industrial-iot-devices-t-w-f-6-m/gD2P6Ple2L

Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones

Grandstream GXP1600 series VoIP phones contain a critical unauthenticated buffer overflow vulnerability (CVE-2026-2329) that allows attackers to gain root access and intercept calls.

**If you are using Grandstream GXP1600 phones, plan a quick update to firmware 1.0.7.81. As a first step, make sure to isolate VoIP hardware on a dedicated, firewalled VLAN and confirm that management interfaces are not reachable from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-root-vulnerability-in-grandstream-gxp1600-voip-phones-t-4-w-t-w/gD2P6Ple2L