Mallory
Critical · Public exploit

Improper Authentication in DTS Redline WR3200

Identifiers: CVE-2026-6274, CWE-306 (Missing Authentication for…)

CVE-2026-6274 affects DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 versions from 7.1.3 up to, but not including, 7.1.8. The available description indicates multiple authentication weaknesses, specifically improper authentication, missing authentication for a critical function, and weak authentication, which together allow access to functionality that is not properly constrained by ACLs. Based on the provided information, the flaw is reachable over the network and does not require prior authentication or user interaction. Specific vulnerable endpoints, functions, or code paths are not identified in the provided content.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow an unauthenticated remote attacker to access protected functionality on the Redline WR3200 that should be restricted by authentication and ACL enforcement. The provided CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates high impact to confidentiality, integrity, and availability, implying potential unauthorized access to sensitive information, unauthorized modification of device state or configuration, and disruption of device or service operation.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, restrict network exposure of the Redline WR3200 management and control interfaces to trusted administrative networks only, enforce segmentation and ACLs at upstream network boundaries, disable or limit externally reachable administrative services where possible, and monitor for unauthorized access attempts to privileged functionality. Because the issue involves missing or weak authentication on critical functions, internet exposure should be avoided.

Remediation

Patch, then assume compromise.

Upgrade DTS Redline WR3200 to version 7.1.8 or later, as the issue affects versions from 7.1.3 before 7.1.8. If vendor guidance is available through the referenced advisory, apply the vendor-recommended fixed release and any associated hardening steps.
PUBLIC EXPLOITS

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.

VALID 1 / 1 TOTAL

CVE-2026-6274 · Maturity: PoC · Verified exploit

Small standalone exploit repository containing one Python PoC script and two README files (English and Turkish). The exploit targets CVE-2026-6274 in Redline WR3200 routers before firmware v7.1.8. The core issue described by the repository is an authentication bypass caused by reliance on static cookies (user=admin and platform=1) combined with insufficient authorization checks on the password-management endpoint. The Python script exploit.py is the only code file and main entry point. It accepts a target IP and a new password, builds an HTTP POST request to /goform/set_manpwd, sets the static cookies, and includes browser-like headers such as X-Requested-With, Content-Type, Referer, and User-Agent. If the target responds with HTTP 200, the script reports success and prints the server response. The exploit does not provide shell access or code execution; its capability is limited but impactful: unauthorized administrative password reset on the router. This is a real exploit PoC rather than a detector, with a hardcoded attack flow and no framework integration.

bugresearch · Disclosed May 11, 2026 · python · markdown · web · network
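
The mitigation guidance on this page calls for monitoring unauthorized access attempts to privileged functionality. As an added example (not code from Mallory, the vendor, or the PoC repository), this Python detector flags POST requests to the password-management endpoint named in the exploit description when they come from outside a trusted admin network. The combined access-log format, the `TRUSTED_NETS` CIDR, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: management traffic to the router passes an upstream proxy or
# sensor that writes combined-format access logs; adjust the regex otherwise.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
SENSITIVE_PATH = "/goform/set_manpwd"  # endpoint named in the exploit description
# Assumption: placeholder admin network; replace with your management CIDRs.
TRUSTED_NETS = [ipaddress.ip_network("10.10.50.0/24")]


def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # a hostname or garbage in the source field is not trusted
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_resets(lines):
    """Return (timestamp, source, status, severity) per untrusted password-change POST."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Match on the path alone, ignoring any query string or trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != SENSITIVE_PATH or is_trusted(m["src"]):
            continue
        # The PoC described above treats HTTP 200 as success, so 200 ranks highest.
        severity = "high" if m["status"] == "200" else "medium"
        hits.append((m["ts"], m["src"], m["status"], severity))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.10.50.7 - - [12/May/2026:09:14:02 +0000] "POST /goform/set_manpwd HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/May/2026:11:02:40 +0000] "POST /goform/set_manpwd HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2026:11:05:13 +0000] "POST /goform/set_manpwd?x=1 HTTP/1.1" 403 0 "-" "curl/8.5.0"',
    '203.0.113.45 - - [12/May/2026:11:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print(hit)
```

A "high" hit on a device still running a version before 7.1.8 is a reason to treat the admin password as changed by someone else and follow the remediation steps above.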