CVE-2026-42951: MacGregor VDR G4E Backup Credential Disclosure – Patch Guidance
A vulnerability in Danelec MacGregor Voyage Data Recorder (VDR) devices allows authenticated users to download a complete backup file that exposes sensitive account credentials and password hashes. While an attacker must already have valid user credentials to exploit this issue, successful exploitation grants access to password material that could enable lateral movement or privilege escalation within maritime network environments. The vulnerability is classified as medium severity due to the authentication requirement, though the disclosure of password hashes represents a meaningful step toward further compromise.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.4 MEDIUM · CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-522
- Affected products
- 2 configuration(s)
- Published / Modified
- 2026-05-29 / 2026-06-17
NVD description (verbatim)
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-42951 is an improper credential storage vulnerability (CWE-522) affecting MacGregor Interschalt VDR G4E devices and firmware. The backup download functionality does not properly segregate or redact sensitive authentication material, allowing an authenticated user with legitimate system access to retrieve account data and password hashes via a backup export operation. The CVSS 3.1 score of 5.4 (MEDIUM) reflects the authentication prerequisite, high confidentiality impact, and limited integrity exposure. The attack vector is adjacent network, suggesting attackers must be on the same network segment or have network-adjacent access.
Business impact
VDR devices are critical infrastructure on modern vessels, recording bridge operations and voyage data for regulatory compliance and incident investigation. Compromise of account credentials could allow malicious insiders or network-adjacent attackers to assume administrative roles, manipulate voyage records, disable logging, or facilitate further lateral movement to other maritime IT systems. For operators, loss of VDR integrity compromises both regulatory defensibility and situational awareness. The exposure of password hashes elevates risk if credentials are reused across vessel or shore-based systems.
Affected systems
MacGregor Interschalt VDR G4E (and G4E firmware versions) are affected. Verify your specific firmware version against the vendor advisory to confirm patch eligibility. If your organization operates multiple VDR installations or integrated bridge systems from MacGregor, inventory all G4E instances immediately.
Exploitability
Exploitation requires valid authenticated access to the VDR device. An attacker cannot exploit this remotely without first obtaining legitimate credentials. However, the barrier to exploit is moderate: once insider access or credential compromise occurs, the backup download is a standard administrative function that an attacker can invoke without additional detection evasion. The exposed password hashes may be cracked offline to obtain cleartext passwords, extending the window of exposure.
Remediation
Apply the vendor-supplied patch to affected Interschalt VDR G4E devices and firmware as outlined in the MacGregor advisory. Restrict backup download privileges to essential personnel and enforce role-based access controls (RBAC). Review and rotate any credentials exposed via backups already downloaded by unauthorized users. Implement network segmentation to limit authenticated access to VDR administrative functions. Consider implementing additional controls such as backup encryption and signed integrity verification.
Patch guidance
Consult the MacGregor security advisory for the specific patched firmware version and deployment procedure for your G4E model. Patches are typically delivered via firmware updates; coordinate with your vessel IT operations or shore-based support to stage and validate updates in a non-disruptive manner. Verify patch application by confirming firmware version post-deployment and testing backup functionality to ensure integrity is maintained.
Detection guidance
Monitor VDR backup download operations, particularly those initiated by non-administrative accounts or during unusual hours. Log all backup exports and archive metadata (timestamp, user, destination). Detect anomalous patterns such as repeated failed backup attempts, downloads to external storage, or access from unexpected network origins. Review VDR audit logs regularly for any unauthorized administrative activities. Implement alerting on authentication anomalies (failed logins, privilege escalation attempts) targeting VDR systems.
Why prioritize this
Although classified as MEDIUM severity, this vulnerability warrants prompt remediation because: (1) VDR systems operate in safety-critical maritime environments where data integrity is regulatory and operational priority; (2) password hash exposure creates a secondary risk of credential reuse on ship and shore systems; (3) authenticated insiders pose a credible threat in the maritime sector; (4) remediation is straightforward via patching. Organizations with VDR systems should treat this as a near-term priority, particularly if their credential hygiene or network segmentation is weak.
Risk score, explained
The CVSS 3.1 score of 5.4 reflects a medium-severity issue: high confidentiality impact (password hash disclosure) balanced against the requirement for authenticated access (PR:L) and adjacent network positioning (AV:A). The score does not capture the regulatory or operational significance of VDR compromise, which may warrant higher-priority treatment in a maritime risk context.
Frequently asked questions
Can this vulnerability be exploited without valid credentials?
No. CVE-2026-42951 requires an authenticated user with legitimate access to the VDR. However, once an attacker has obtained credentials—through phishing, insider threat, or credential compromise elsewhere—the backup download is a straightforward administrative function.
What makes the password hash exposure dangerous?
Password hashes can be cracked offline using brute-force or dictionary attacks. If hashes are weak (low entropy) or credentials are reused across multiple systems (vessel IT, shore infrastructure, third-party services), a successful crack could provide entry points for lateral movement beyond the VDR.
How should we prioritize this patch in a maritime environment?
VDR integrity is both a safety and regulatory requirement (IMO SOLAS compliance). Patches should be scheduled promptly during routine maintenance windows, with coordination between vessel and shore operations to avoid disruption. Test patches in a controlled environment first.
Is this vulnerability being actively exploited?
CVE-2026-42951 is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the data provided, indicating no confirmed active exploitation has been reported to CISA. However, absence from KEV does not mean the vulnerability is unexploited in practice; maintain vigilance and monitor vendor advisories for updates.
This analysis is provided for informational and educational purposes. SEC.co does not warrant the accuracy or completeness of third-party vulnerability data. Organizations must verify all patch versions, affected systems, and deployment procedures against official vendor advisories before implementing remediation. The CVE ID, CVSS score, affected products, and publication dates cited herein are sourced from authoritative databases; if discrepancies exist, defer to the official NVD or vendor advisory. No exploit code or weaponized proof-of-concept details are provided. This content does not constitute security advice tailored to your environment; conduct a thorough risk assessment and consult qualified security personnel for deployment decisions. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-40425MEDIUMMacGregor VDR Admin File Access Vulnerability – MEDIUM Risk
- CVE-2026-42941HIGHMacGregor Voyage Data Recorder Default Credentials Authentication Bypass
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25421MEDIUMOpen STA Manager 2.3 Path Traversal File Download Vulnerability
- CVE-2018-25423MEDIUMBuffer Overflow Denial of Service in Arm Whois 3.11