Description
An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder


device which includes account data and password hashes.
Published: 2026-05-29
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw permits an authenticated user to download a backup of a Danelec MacGregor Voyage Data Recorder that includes account data and password hashes. This exposure of credential information can facilitate credential compromise or lateral movement within connected systems. The weakness stems from insufficient protection of credentials stored in the backup, falling under the category of credentials stored insecurely.

Affected Systems

The vulnerability impacts Danelec MacGregor Voyage Data Recorder (VDR) G4e units. All devices that have not yet been upgraded to firmware version V5.250 are affected. No additional version constraints are specified in the advisory.

Risk and Exploitability

The CVSS score is 5.9, indicating a medium severity. No EPSS score is available and the issue is not listed in CISA’s KEV catalog. Exploitation requires legitimate authenticated access; once an attacker logs in, they can trigger the backup download and obtain the stored credential hashes. The primary risk is confidentiality compromise; the likelihood of exploitation is limited to users who possess valid credentials and can access the backup function.

Generated by OpenCVE AI on May 29, 2026 at 19:24 UTC.

Remediation

Vendor Solution

Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:  https://www.danelec.com/contact

OpenCVE Recommended Actions

  • Install firmware V5.250 to eliminate the credential export flaw
  • Restrict access to the backup download feature to authorized personnel only
  • Review and rotate device account passwords to mitigate potential hash compromise

Generated by OpenCVE AI on May 29, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
Title MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-05-29T19:43:09.533Z

Reserved: 2026-05-07T16:55:26.102Z

Link: CVE-2026-42951

cve-icon Vulnrichment

Updated: 2026-05-29T19:43:04.619Z

cve-icon NVD

Status : Received

Published: 2026-05-29T19:16:24.113

Modified: 2026-05-29T19:16:24.113

Link: CVE-2026-42951

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T19:30:05Z

Weaknesses