CVE-2026-40425

MEDIUM

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

CVSS v3.1 Score

5.7
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Attack Vector
ADJACENT_NETWORK
Complexity
LOW
Privileges
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW
Published: 5/29/2026Modified: 6/1/2026

Related Intelligence (1)

CRITICALVulnerability

MacGregor Voyage Data Recorder (VDR) G4e

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could result in an attacker gaining administrator access to the device.</strong></p> <p>The following versions of MacGregor Voyage Data Recorder (VDR) G4e are affected:</p> <ul> <li>Mac

CVE-2026-42941CVE-2026-42951
CISA Advisories

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01https://www.danelec.com/contact