By vendor
Macgregor vulnerabilities
Known CVEs affecting Macgregor products, prioritized by severity, with SEC.co remediation and detection guidance.
3 published vulnerabilities
- CVE-2026-42941HIGH 8.3
Danelec MacGregor's Voyage Data Recorder (VDR) devices ship with hardcoded default credentials that cannot be forced to change, allowing unauthenticated network attackers to gain administrative access. This is a straightforward but high-impact authentication bypass on a maritime safety-critical system.
- CVE-2026-40425MEDIUM 5.7
A vulnerability in the Danelec MacGregor Voyage Data Recorder web interface allows an authenticated administrator to directly modify sensitive authentication-related files on the system. This could enable an attacker with admin credentials to alter the root password and gain elevated system control. While exploitation requires existing administrative access, the ability to change root credentials represents a critical privilege escalation path that should be addressed promptly.
- CVE-2026-42951MEDIUM 5.4
A vulnerability in Danelec MacGregor Voyage Data Recorder (VDR) devices allows authenticated users to download a complete backup file that exposes sensitive account credentials and password hashes. While an attacker must already have valid user credentials to exploit this issue, successful exploitation grants access to password material that could enable lateral movement or privilege escalation within maritime network environments. The vulnerability is classified as medium severity due to the authentication requirement, though the disclosure of password hashes represents a meaningful step toward further compromise.