← back
CVE-2026-40425

MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

CVSS 6.9 MEDIUMEPSS 0.4%CWE-552
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Danelec · MacGregor Voyage Data Recorder (VDR) G4e

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01https://www.danelec.com/contact