CVE-2026-7786 is a CVSS 9.8 hard-coded administrator credential vulnerability in the USR-W610 RS232/RS485-to-Wi-Fi/Ethernet converter, firmware version 7.03T.07. Because credentials are static and identical across all units, any disclosure of the credential values instantly compromises every unpatched device on any network. In OT environments where USR-W610 units bridge legacy serial equipment to IP networks, this creates a direct path from IT compromise to operational technology disruption.