Description
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Published: 2026-05-29
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the password storage mechanism of the MacGregor Voyage Data Recorder (VDR) G4e, where a hashing method imposes a limited password length and is susceptible to brute force attacks. An attacker who can obtain repeated authentication attempts may compromise user accounts by iterating over a manageable search space, thereby gaining unauthorized system access. The weakness is identified as CWE‑916, indicating insufficient cryptographic storage of credentials.

Affected Systems

This issue affects all installations of Danelec's MacGregor Voyage Data Recorder G4e devices. There are no specific version constraints listed beyond the need for firmware upgrade to the V5.250 release for remediation.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, and the EPSS score is currently not available, implying no known exploitation probability data. Because the vulnerability lies in credential processing, the likely attack vector is through authentication attempts, either locally or remotely, depending on the device’s exposure. The vulnerability is not listed in the CISA KEV catalog, so no confirmed exploitation has been reported yet, but the potential for brute‑force compromise remains significant if default or weak passwords are used.

Generated by OpenCVE AI on May 29, 2026 at 19:23 UTC.

Remediation

Vendor Solution

Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:  https://www.danelec.com/contact

OpenCVE Recommended Actions

  • Update the VDR G4e firmware to version V5.250 as released by Danelec to eliminate the weak password hash implementation.
  • Change all default or simple passwords on the device to strong, unique values that exceed the previous length restrictions.
  • Configure account lockout policies and monitor authentication logs to detect and block repeated failed login attempts, thereby reducing the feasibility of brute‑force attacks.

Generated by OpenCVE AI on May 29, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Title MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort
Weaknesses CWE-916
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-05-29T19:44:47.782Z

Reserved: 2026-05-07T16:55:26.109Z

Link: CVE-2026-44611

cve-icon Vulnrichment

Updated: 2026-05-29T19:44:42.437Z

cve-icon NVD

Status : Received

Published: 2026-05-29T19:16:24.423

Modified: 2026-05-29T19:16:24.423

Link: CVE-2026-44611

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T19:30:05Z

Weaknesses