VYPR

G5 digital fault recorder

by Elspec

CVEs (10)

  • CVE-2024-22081CriMar 20, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.

  • CVE-2024-22080CriMar 20, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.

  • CVE-2024-22078HigMar 20, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the…

  • CVE-2024-46602HigJan 7, 2025
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.

  • CVE-2024-22084HigMar 20, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.

  • CVE-2024-22082HigMar 20, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

  • CVE-2024-22079HigMar 20, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.

  • CVE-2024-22083MedMar 20, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.

  • CVE-2024-22085MedMar 20, 2024
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.

  • CVE-2024-22077MedMar 20, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.