CVE-2026-42951: CWE-522 in Danelec MacGregor Voyage Data Recorder (VDR) G4e
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-42951) affects the Danelec MacGregor Voyage Data Recorder (VDR) G4e. It allows an authenticated user to download a backup file from the device, which includes sensitive account data and password hashes. The CVSS v3.1 base score is 5.4 (medium), reflecting that the attack requires local or adjacent network access (Attack Vector: Adjacent), high attack complexity, and low privileges but no user interaction. The confidentiality impact is high due to exposure of account credentials, integrity impact is low, and availability is not affected. No patch or official remediation level has been published as of the current data.
Potential Impact
The vulnerability exposes sensitive account data and password hashes to any authenticated user who can access the device backup functionality. This could facilitate credential compromise and unauthorized access escalation if the hashes are cracked. However, exploitation requires prior authentication and high attack complexity, limiting immediate risk. There is no indication of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict authenticated user access to the device and monitor for unauthorized backup downloads. Follow any vendor recommendations once published.
CVE-2026-42951: CWE-522 in Danelec MacGregor Voyage Data Recorder (VDR) G4e
Description
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
CVSS v3.1
Score 5.4medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-42951) affects the Danelec MacGregor Voyage Data Recorder (VDR) G4e. It allows an authenticated user to download a backup file from the device, which includes sensitive account data and password hashes. The CVSS v3.1 base score is 5.4 (medium), reflecting that the attack requires local or adjacent network access (Attack Vector: Adjacent), high attack complexity, and low privileges but no user interaction. The confidentiality impact is high due to exposure of account credentials, integrity impact is low, and availability is not affected. No patch or official remediation level has been published as of the current data.
Potential Impact
The vulnerability exposes sensitive account data and password hashes to any authenticated user who can access the device backup functionality. This could facilitate credential compromise and unauthorized access escalation if the hashes are cracked. However, exploitation requires prior authentication and high attack complexity, limiting immediate risk. There is no indication of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict authenticated user access to the device and monitor for unauthorized backup downloads. Follow any vendor recommendations once published.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-05-07T16:55:26.102Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a19dc07e29bf47b50ff85c5
Added to database: 5/29/2026, 6:33:43 PM
Last enriched: 5/29/2026, 7:04:03 PM
Last updated: 5/31/2026, 4:53:16 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.