CVE-2026-40425

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 5,7

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: low

Availability: low

Description

AI Translation Available

The administrator account for the

Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.

552

Files or Directories Accessible to External Parties

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Files Or Directories Modify Files Or Directories

Applicable Platforms

Technologies: Not Technology-Specific, Cloud Computing

View CWE Details

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/…

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-1…

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148…

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01

https://www.danelec.com/contact

CVE-2026-40425

Description

Files or Directories Accessible to External Parties

Common Consequences

Applicable Platforms

Iscriviti alla newsletter