Severity by source
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes.
Analysis (AI)
Backup download functionality in the Danelec MacGregor Voyage Data Recorder G4E exposes account credentials and password hashes to any authenticated low-privileged user. An attacker with a valid low-privilege account operating on the same adjacent network segment - typically the onboard vessel LAN - can retrieve a device backup file containing credential material, enabling offline password cracking and potential privilege escalation. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires a valid account with at least low-level privileges on the Danelec MacGregor VDR G4E (PR:L confirmed by CVSS vector). … |
| Risk Assessment | CVSS 5.4 Medium (AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) reflects a moderate overall score, but the individual signal breakdown warrants attention. … |
| Exploit Scenario | A crew member or port technician with a low-privilege account on the Danelec MacGregor VDR G4E connects to the onboard vessel LAN and authenticates to the device management interface. The attacker invokes the backup download function, receiving an archive that contains account usernames and password hashes; these hashes are then subjected to offline dictionary or brute-force cracking using commodity tools. … |
| Remediation | No vendor-released patch with an exact fix version has been identified at time of analysis. … |
Authentication bypass via hard-coded credentials in Danelec MacGregor Voyage Data Recorder (VDR) G4e allows attackers wi
Hardcoded default credentials in the Danelec MacGregor Voyage Data Recorder (VDR) G4e allow adjacent attackers to gain a
Authenticated administrator access on the Danelec MacGregor Voyage Data Recorder (VDR) G4E web interface permits direct
Weak password storage in the Danelec MacGregor VDR G4E exposes credentials to offline brute-force attack: the hashing al
Same weakness CWE-522 – Insufficiently Protected Credentials
Same technique Information Disclosure
EUVD-2026-33396
GHSA-qm89-g8jg-hcwp