Common Weakness Enumeration

CWE-1390

Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

CVE-2026-6274 (GCVE-0-2026-6274)

Vulnerability from cvelistv5 – Published: 2026-06-05 09:01 – Updated: 2026-06-08 18:30
VLAI
Title
Authentication Bypass in DTS Electronics' Redline WR3200
Summary
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-306 - Missing authentication for critical function
  • CWE-1390 - Weak Authentication
Assigner
Impacted products
Date Public
2026-06-05 08:46
Credits
Deniz BEKTAŞ
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:21:18.983629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:21:36.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-08T18:30:34.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/bugresearch/CVE-2026-6274"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Redline WR3200",
          "vendor": "DTS Electronics Industry and Trade Ltd. Co.",
          "versions": [
            {
              "lessThan": "7.1.8",
              "status": "affected",
              "version": "7.1.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Deniz BEKTA\u015e"
        }
      ],
      "datePublic": "2026-06-05T08:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Redline WR3200: from 7.1.3 before 7.1.8.\u003c/p\u003e"
            }
          ],
          "value": "Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Redline WR3200: from 7.1.3 before 7.1.8."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "CWE-1390 Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T09:01:43.955Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0321"
        }
      ],
      "source": {
        "advisory": "TR-26-0321",
        "defect": [
          "TR-26-0321"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass in DTS Electronics\u0027 Redline WR3200",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2026-6274",
    "datePublished": "2026-06-05T09:01:43.955Z",
    "dateReserved": "2026-04-14T13:36:24.251Z",
    "dateUpdated": "2026-06-08T18:30:34.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6886 (GCVE-0-2026-6886)

Vulnerability from cvelistv5 – Published: 2026-04-23 09:25 – Updated: 2026-04-23 12:15
VLAI
Title
BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass
Summary
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2026-04-23 09:06
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T12:15:33.883073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T12:15:44.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Borg SPM 2007",
          "vendor": "BorG Technology Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "datePublic": "2026-04-23T09:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Borg SPM 2007 (Sales Ended in 2008)\u0026nbsp;developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user."
            }
          ],
          "value": "Borg SPM 2007 (Sales Ended in 2008)\u00a0developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "CWE-1390 Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T09:26:09.699Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Regardless of the current system version, customers with active maintenance contracts are advised to contact the vendor for patching assistance or upgrade to the latest version (SPM2025 SP1 has successfully passed source code security audits)."
            }
          ],
          "value": "Regardless of the current system version, customers with active maintenance contracts are advised to contact the vendor for patching assistance or upgrade to the latest version (SPM2025 SP1 has successfully passed source code security audits)."
        }
      ],
      "source": {
        "advisory": "TVN-202604009",
        "discovery": "EXTERNAL"
      },
      "title": "BorG Technology Corporation\uff5cBorg SPM 2007 - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2026-6886",
    "datePublished": "2026-04-23T09:25:16.299Z",
    "dateReserved": "2026-04-23T02:43:17.685Z",
    "dateUpdated": "2026-04-23T12:15:44.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}









No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page