CVE-2026-42929
Analyzed Analyzed - Analysis Complete
Danelec MacGregor VDR Hard-Coded Credentials

Publication date: 2026-05-29

Last updated on: 2026-06-04

Assigner: ICS-CERT

Description
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-04
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-42929
EUVD
EUVD-2026-33400
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
macgregor interschalt_vdr_g4e_firmware to 5.250 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves hard-coded credentials in the MacGregor Voyage Data Recorder, allowing unauthorized access with potential administrator-level control. This can lead to breaches in confidentiality, integrity, and availability of data.

Such unauthorized access risks could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access. However, the provided information does not explicitly state the effects on compliance with these standards.

Executive Summary

CVE-2026-42929 is a high-severity vulnerability affecting the MacGregor Voyage Data Recorder (VDR) G4e devices, specifically the CSAFPID-0001 product.

The issue involves the use of hard-coded credentials, where default accounts with fixed passwords are embedded in the device firmware.

This flaw allows attackers to gain unauthorized access, potentially leading to administrator-level control of the device.

Impact Analysis

The vulnerability can lead to unauthorized access to the affected device, allowing attackers to gain administrator-level control.

This can impact the confidentiality, integrity, and availability of the device and its data.

Detection Guidance

This vulnerability involves default accounts with hard-coded credentials in the MacGregor Voyage Data Recorder G4e devices. Detection would typically involve identifying devices running vulnerable firmware versions and checking for the presence of default accounts.

However, no specific detection commands or network scanning techniques are provided in the available resources.

Mitigation Strategies

The vendor, Danelec, has released firmware version V5.250 to address this vulnerability.

Immediate mitigation steps include promptly updating the affected MacGregor Voyage Data Recorder devices to firmware version V5.250 to remove the hard-coded credentials and secure the device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42929. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart