CVE-2026-42951
5.4 MEDIUMAn authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and passwo...
Published: 2026-05-29 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 5.4 MEDIUM
- Vector
- CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-522
Affected products
| Vendor | Product |
|---|---|
| macgregor | interschalt_vdr_g4e_firmware |
Description
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-44611 — Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brut... (5.4 MEDIUM)
- CVE-2026-42941 — The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change (8.3 HIGH)
- CVE-2026-42929 — Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials (8.3 HIGH)
- CVE-2026-40425 — The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to auth... (5.7 MEDIUM)
Same CWE
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)
- CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the N... (6.5 MEDIUM)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)
- CVE-2026-46511 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-7313 — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote a... (8.7 HIGH)