Skip to main content

Redline WR3200 CVE-2026-6274

| EUVDEUVD-2026-34793 CRITICAL
Improper Authentication (CWE-287)
2026-06-05 iletisim@usom.gov.tr GHSA-848x-m5wp-rx2c
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jun 05, 2026 - 11:01 EUVD
Analysis Generated
Jun 05, 2026 - 09:30 vuln.today

DescriptionCVE.org

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Redline WR3200: from 7.1.3 before 7.1.8.

AnalysisAI

Authentication bypass in DTS Electronics Redline WR3200 firmware versions 7.1.3 through 7.1.7 allows remote unauthenticated attackers to access functionality not properly constrained by ACLs, leading to full compromise of the device. The CVSS 9.8 rating reflects network-reachable exploitation with no privileges or user interaction required, though no public exploit identified at time of analysis. The flaw maps to CWE-287 (Improper Authentication) and was reported through Turkey's national CERT (USOM).

Technical ContextAI

The Redline WR3200 is a networking/wireless device produced by DTS Electronics, a Turkish manufacturer. The root cause class is CWE-287 (Improper Authentication), here manifesting as missing authentication for critical functions and weak authentication enforcement - meaning sensitive endpoints or administrative functions can be reached without presenting valid credentials. The tag 'Authentication Bypass' confirms that ACL checks intended to gate privileged functionality are either absent or bypassable on the network-exposed management interface. No CPE strings were provided in the input, so exact firmware build identifiers cannot be cross-referenced.

RemediationAI

Upgrade Redline WR3200 firmware to version 7.1.8 or later, which per the affected-version range is the first build outside the vulnerable window - patch availability per vendor advisory referenced at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321. Until the upgrade can be applied, restrict access to the device's management interface to trusted management VLANs or specific administrative IPs via upstream firewall ACLs, and disable WAN-side administrative access if enabled (trade-off: remote administration over the internet will no longer function and on-site or VPN-based management is required). Monitor device logs for unauthenticated access to administrative endpoints and rotate any credentials, keys, or configuration secrets stored on potentially exposed devices, since an authentication bypass may have allowed prior extraction.

Share

CVE-2026-6274 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy