Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
AnalysisAI
Authentication bypass in DTS Electronics Redline WR3200 firmware versions 7.1.3 through 7.1.7 allows remote unauthenticated attackers to access functionality not properly constrained by ACLs, leading to full compromise of the device. The CVSS 9.8 rating reflects network-reachable exploitation with no privileges or user interaction required, though no public exploit identified at time of analysis. The flaw maps to CWE-287 (Improper Authentication) and was reported through Turkey's national CERT (USOM).
Technical ContextAI
The Redline WR3200 is a networking/wireless device produced by DTS Electronics, a Turkish manufacturer. The root cause class is CWE-287 (Improper Authentication), here manifesting as missing authentication for critical functions and weak authentication enforcement - meaning sensitive endpoints or administrative functions can be reached without presenting valid credentials. The tag 'Authentication Bypass' confirms that ACL checks intended to gate privileged functionality are either absent or bypassable on the network-exposed management interface. No CPE strings were provided in the input, so exact firmware build identifiers cannot be cross-referenced.
RemediationAI
Upgrade Redline WR3200 firmware to version 7.1.8 or later, which per the affected-version range is the first build outside the vulnerable window - patch availability per vendor advisory referenced at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321. Until the upgrade can be applied, restrict access to the device's management interface to trusted management VLANs or specific administrative IPs via upstream firewall ACLs, and disable WAN-side administrative access if enabled (trade-off: remote administration over the internet will no longer function and on-site or VPN-based management is required). Monitor device logs for unauthenticated access to administrative endpoints and rotate any credentials, keys, or configuration secrets stored on potentially exposed devices, since an authentication bypass may have allowed prior extraction.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34793
GHSA-848x-m5wp-rx2c