CVE-2026-40425 MEDIUM

CVE-2026-40425: MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

Vendor Danelec
Product MacGregor Voyage Data Recorder (VDR) G4e
Weakness CWE-552 · Files accessible externally
Published May 29, 2026
Last update May 29, 2026

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

Key dates

02Disclosure timeline

May 29, 2026 CVE published
May 29, 2026 Record updated