Improper authentication allows an attacker to bypass normal login controls and access critical functions that are not correctly protected by access‑control lists. The weakness lies in missing or weak authentication mechanisms for sensitive operations. An attacker who can reach the device may remotely execute privileged actions, potentially altering configuration, disrupting service, or escalating privileges. Because the bug is rooted in missing authentication, any user with network access can exploit it, making the risk far‑flung across all unpatched units.

Vendors impacted are DTS Electronics Industry and Trade Ltd. Co. The Redline WR3200 router is compromised for firmware revisions starting with 7.1.3 up to but excluding 7.1.8. Devices running those firmware images lack the authentication control required for certain functions and are therefore exploitable.

With a CVSS score of 9.8 the vulnerability is considered critical, granting an attacker full control over the device’s configuration and services. The EPSS score is currently unavailable, so the likelihood of exploitation is unknown, but the lack of any mitigations or conditional restrictions in the firmware means remote attackers can reach the device and exercise the bypass freely. The vulnerability is not yet identified in CISA’s KEV listing, yet its high severity warrants immediate attention. Because the flaw sits in the authorization layer, it can be exploited over the network using the device’s management protocols without requiring elevated privileges.