Skip to main content

G5Dfr Firmware CVE-2024-22077

MEDIUM
Improper Handling of Insufficient Permissions or Privileges (CWE-280)
2024-03-20 cve@mitre.org
5.3
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 20, 2024 - 05:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.

AnalysisAI

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-280. An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. Affected products include: Elspec-Ltd G5Dfr Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-22081 CRITICAL
9.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS

CVE-2024-22080 CRITICAL
9.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS

CVE-2024-22078 HIGH
8.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 8.8)

CVE-2024-22084 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22082 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22079 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22083 MEDIUM
6.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2024-22085 MEDIUM
6.2 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2025-59392 MEDIUM
6.8 Nov 06

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inser

CVE-2024-46603 HIGH
7.5 Jan 07

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows att

CVE-2024-46602 HIGH
7.5 Jan 07

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. Rated high severity (CVSS 7.5)

CVE-2024-46601 HIGH
7.5 Jan 07

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. Rated high

Share

CVE-2024-22077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy