{"api_version":"1","generated_at":"2026-06-13T13:16:27+00:00","cve":"CVE-2026-6274","urls":{"html":"https://cve.report/CVE-2026-6274","api":"https://cve.report/api/cve/CVE-2026-6274.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-6274","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-6274"},"summary":{"title":"Authentication Bypass in DTS Electronics' Redline WR3200","description":"Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Redline WR3200: from 7.1.3 before 7.1.8.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2026-06-05 09:16:26","updated_at":"2026-06-08 19:16:46"},"problem_types":["CWE-287","CWE-306","CWE-1390","CWE-287 CWE-287 Improper Authentication","CWE-306 CWE-306 Missing authentication for critical function","CWE-1390 CWE-1390 Weak Authentication"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/bugresearch/CVE-2026-6274","name":"https://github.com/bugresearch/CVE-2026-6274","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-6274","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6274","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"DTS Electronics Industry and Trade Ltd. Co.","product":"Redline WR3200","version":"affected 7.1.3 7.1.8 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Deniz BEKTAŞ","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"6274","cve":"CVE-2026-6274","epss":"0.000750000","percentile":"0.229000000","score_date":"2026-06-12","updated_at":"2026-06-13 00:07:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-6274","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-05T20:21:18.983629Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-05T20:21:36.106Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2026-06-08T18:30:34.697Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://github.com/bugresearch/CVE-2026-6274"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Redline WR3200","vendor":"DTS Electronics Industry and Trade Ltd. Co.","versions":[{"lessThan":"7.1.8","status":"affected","version":"7.1.3","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Deniz BEKTAŞ"}],"datePublic":"2026-06-05T08:46:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects Redline WR3200: from 7.1.3 before 7.1.8.</p>"}],"value":"Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Redline WR3200: from 7.1.3 before 7.1.8."}],"impacts":[{"capecId":"CAPEC-1","descriptions":[{"lang":"en","value":"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287 Improper Authentication","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing authentication for critical function","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-1390","description":"CWE-1390 Weak Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-05T09:01:43.955Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321"}],"source":{"advisory":"TR-26-0321","defect":["TR-26-0321"],"discovery":"UNKNOWN"},"title":"Authentication Bypass in DTS Electronics' Redline WR3200","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2026-6274","datePublished":"2026-06-05T09:01:43.955Z","dateReserved":"2026-04-14T13:36:24.251Z","dateUpdated":"2026-06-08T18:30:34.697Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-05 09:16:26","lastModifiedDate":"2026-06-08 19:16:46","problem_types":["CWE-287","CWE-306","CWE-1390","CWE-287 CWE-287 Improper Authentication","CWE-306 CWE-306 Missing authentication for critical function","CWE-1390 CWE-1390 Weak Authentication"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"6274","Ordinal":"1","Title":"Authentication Bypass in DTS Electronics' Redline WR3200","CVE":"CVE-2026-6274","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"6274","Ordinal":"1","NoteData":"Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Redline WR3200: from 7.1.3 before 7.1.8.","Type":"Description","Title":"Authentication Bypass in DTS Electronics' Redline WR3200"}]}}}