G5 digital fault recorder
by Elspec
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22081 | Cri | 0.64 | 9.8 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. | ||
| CVE-2024-22080 | Cri | 0.64 | 9.8 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. | ||
| CVE-2024-22078 | Hig | 0.57 | 8.8 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the… | ||
| CVE-2024-46602 | Hig | 0.49 | 7.5 | 0.01 | Jan 7, 2025 | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload. | ||
| CVE-2024-22084 | Hig | 0.49 | 7.5 | 0.00 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | ||
| CVE-2024-22082 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. | ||
| CVE-2024-22079 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. | ||
| CVE-2024-22083 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | ||
| CVE-2024-22085 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | ||
| CVE-2024-22077 | Med | 0.34 | 5.3 | 0.00 | Mar 20, 2024 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.
- risk 0.40cvss 6.2epss 0.00
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.