CVE-2026-40425
5.7 MEDIUMThe administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to auth...
Published: 2026-05-29 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 5.7 MEDIUM
- Vector
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
- CWE
- CWE-552
Affected products
| Vendor | Product |
|---|---|
| macgregor | interschalt_vdr_g4e_firmware |
Description
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-44611 — Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brut... (5.4 MEDIUM)
- CVE-2026-42951 — An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and passwo... (5.4 MEDIUM)
- CVE-2026-42941 — The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change (8.3 HIGH)
- CVE-2026-42929 — Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials (8.3 HIGH)
Same CWE
- CVE-2025-14771 — Files or directories accessible to external parties vulnerability in ABB T-MAC Plus (9.9 CRITICAL)
- CVE-2026-45543 — Nextcloud is an open source content collaboration platform (5.3 MEDIUM)
- CVE-2026-45088 — Dalfox is a powerful open-source XSS scanner and utility focused on automation (7.5 HIGH)
- CVE-2024-56462 — IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be rest... (7.2 HIGH)
- CVE-2024-11399 — Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2... (6.8 MEDIUM)