CVE-2026-40425
Status: Analyzed - Analysis Complete
Authentication Bypass in Danelec MacGregor VDR

Publication date: 2026-05-29

Last updated on: 2026-06-03

Assigner: ICS-CERT

Description
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Meta Information
Published: 2026-05-29
Last Modified: 2026-06-03
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Showing 1 associated CPE
Vendor: macgregor
Product: interschalt_vdr_g4e_firmware
Version / Range: to 5.250 (exc)
CWE
CWE-552: The product makes files or directories accessible to unauthorized actors, even though they should not be.
Executive Summary

This vulnerability affects the administrator account of the Danelec MacGregor Voyage Data Recorder web interface. It allows the administrator to directly edit sensitive files related to authentication, which can potentially lead to changing the root password.

Impact Analysis

An administrator with access to the web interface can modify critical authentication files. This could lead to unauthorized changes such as altering the root password, which may compromise system security, enable unauthorized access, and potentially disrupt the normal operation of the device.

Compliance Impact

The vulnerability allows the administrator account of the Danelec MacGregor Voyage Data Recorder web interface to directly edit sensitive authentication files, including potentially changing the root password. This could lead to unauthorized access or modification of sensitive data.

Such unauthorized access and potential compromise of authentication mechanisms can impact the confidentiality and integrity of data, which are critical requirements under common standards and regulations like GDPR and HIPAA.

Therefore, this vulnerability may hinder compliance with these regulations by increasing the risk of unauthorized data access or alteration.

Mitigation Strategies

The vulnerability allows the administrator account of the Danelec MacGregor Voyage Data Recorder web interface to directly edit sensitive authentication files, potentially changing the root password.

Immediate mitigation steps are not explicitly detailed in the provided context or resources.
