Skip to main content

G5Dfr Firmware CVE-2025-59392

MEDIUM
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2025-11-06 cve@mitre.org
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:20 vuln.today
CVE Published
Nov 06, 2025 - 16:16 nvd
MEDIUM 6.8

DescriptionCVE.org

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.

AnalysisAI

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-288. On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port. Affected products include: Elspec-Ltd G5Dfr Firmware. Version information: through 1.2.2.19.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-22081 CRITICAL
9.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS

CVE-2024-22080 CRITICAL
9.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS

CVE-2024-22078 HIGH
8.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 8.8)

CVE-2024-22084 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22082 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22079 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22083 MEDIUM
6.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2024-22085 MEDIUM
6.2 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2024-22077 MEDIUM
5.3 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 5.

CVE-2024-46603 HIGH
7.5 Jan 07

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows att

CVE-2024-46602 HIGH
7.5 Jan 07

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. Rated high severity (CVSS 7.5)

CVE-2024-46601 HIGH
7.5 Jan 07

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. Rated high

Share

CVE-2025-59392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy