A critical (CVSS 9.8) authentication weakness in DTS Electronics' Redline WR3200 allows unauthenticated network attackers to reach functionality that should be gated by access controls, granting full impact to confidentiality, integrity, and availability.
What Is It
CVE-2026-6274 is a combination of Improper Authentication (CWE-287), Missing Authentication for Critical Function (CWE-306), and Weak Authentication (CWE-1390) affecting the DTS Electronics Industry and Trade Ltd. Co. Redline WR3200. The flaw allows an attacker to access functionality that is not properly constrained by ACLs. The CVSS v3.1 vector, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicates the bug is remotely exploitable over the network, requires no privileges, and no user interaction.
Why It Matters
A 9.8 CRITICAL rating combined with no-auth, no-interaction, network-reachable exploitation is the worst-case profile for an edge device. Routers and gateways like the WR3200 typically sit at the network perimeter, meaning a successful exploit gives an attacker an immediate foothold for traffic interception, lateral movement, or pivoting into internal networks. The CVE was reported through Turkey's national CERT (USOM), suggesting initial attention on Turkish deployments where DTS Electronics gear is most common.
This CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, so active exploitation in the wild has not been confirmed by CISA at time of writing.
What's Vulnerable
- Vendor / Product: DTS Electronics Industry and Trade Ltd. Co.; Redline WR3200
- Affected versions: 7.1.3 up to (but not including) 7.1.8
- Attack surface: Network-accessible management/critical functions lacking proper authentication enforcement
No specific affected CPE list was published with the NVD record at disclosure.
Patch Status
The vulnerability description indicates the issue is resolved in Redline WR3200 version 7.1.8. Operators of any WR3200 unit running firmware in the 7.1.3–7.1.7 range should upgrade to 7.1.8 or later immediately. In the interim, restrict network exposure of the device's management interface to trusted hosts only and avoid exposing it directly to the internet.