MacGregor Voyage Data Recorder (VDR) G4e

HIGH

CVSS 8.3

Date 2026-05-28T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of these vulnerabilities could result in an attacker gaining administrator access to the device.

// Vulnerabilities (5)

CVE ID	CVSS Score	Severity	Description
CVE-2026-42951	5.4	medium	An authenticated user can download a backup of the device which includes account data and password hashes.
CVE-2026-42941	8.3	high	The VDR device includes a default username and password, with no enforced password change.
CVE-2026-42929	8.3	high	The device includes default accounts with hard-coded credentials.
CVE-2026-40425	5.7	medium	The administrator account for the web interface can directly edit sensitive files related to authentication, potentially changing the root password.
CVE-2026-44611	5.4	medium	Passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.

// Remediations (1)

Patch: Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Vo

Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions: https://www.danelec.com/contact

MacGregor Voyage Data Recorder (VDR) G4e

// Description

// Vulnerabilities (5)

// Remediations (1)

// References