CVE-2026-42929
Danelec MacGregor VDR Hard-Coded Credentials
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: ICS-CERT
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| danelec | macgregor_voyage_data_recorder | v5.250 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves hard-coded credentials in the MacGregor Voyage Data Recorder, allowing unauthorized access with potential administrator-level control. This can lead to breaches in confidentiality, integrity, and availability of data.
Such unauthorized access risks could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access. However, the provided information does not explicitly state the effects on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2026-42929 is a high-severity vulnerability affecting the MacGregor Voyage Data Recorder (VDR) G4e devices, specifically the CSAFPID-0001 product.
The issue involves the use of hard-coded credentials, where default accounts with fixed passwords are embedded in the device firmware.
This flaw allows attackers to gain unauthorized access, potentially leading to administrator-level control of the device.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to the affected device, allowing attackers to gain administrator-level control.
This can impact the confidentiality, integrity, and availability of the device and its data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves default accounts with hard-coded credentials in the MacGregor Voyage Data Recorder G4e devices. Detection would typically involve identifying devices running vulnerable firmware versions and checking for the presence of default accounts.
However, no specific detection commands or network scanning techniques are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vendor, Danelec, has released firmware version V5.250 to address this vulnerability.
The immediate mitigation is to update affected MacGregor Voyage Data Recorder devices to firmware version V5.250 promptly, which removes the hard-coded credentials and secures the device.