G5dfr Firmware Security Vulnerabilities and Issues — G5dfr Firmware CVE List

Lucene search

Elspec-ltdG5dfr Firmware

12 matches found

CVE•added 2024/03/20 5:15 a.m.•53 views

CVE-2024-22079

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.

7.5CVSS6.8AI score0.00498EPSS

CVE•added 2024/03/20 5:15 a.m.•49 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escala...

8.8CVSS7.2AI score0.0018EPSS

CVE•added 2024/03/20 5:15 a.m.•49 views

CVE-2024-22083

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.

6.5CVSS6.8AI score0.00094EPSS

CVE•added 2024/03/20 5:15 a.m.•49 views

CVE-2024-22084

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.

7.5CVSS6.8AI score0.00093EPSS

CVE•added 2024/03/20 5:15 a.m.•48 views

CVE-2024-22080

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.

9.8CVSS7.1AI score0.00378EPSS

CVE•added 2024/03/20 5:15 a.m.•46 views

CVE-2024-22077

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.

5.3CVSS6.8AI score0.00144EPSS

CVE•added 2024/03/20 5:15 a.m.•45 views

CVE-2024-22081

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.

9.8CVSS7.1AI score0.00378EPSS

CVE•added 2024/03/20 5:15 a.m.•45 views

CVE-2024-22085

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.

6.2CVSS6.8AI score0.00042EPSS

CVE•added 2025/01/07 4:15 p.m.•43 views

CVE-2024-46601

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

7.5CVSS7.8AI score0.00113EPSS

CVE•added 2025/01/07 4:15 p.m.•41 views

CVE-2024-46602

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.

7.5CVSS6.9AI score0.00147EPSS

CVE•added 2024/03/20 5:15 a.m.•40 views

CVE-2024-22082

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

7.5CVSS6.8AI score0.00229EPSS

CVE•added 2025/01/07 4:15 p.m.•37 views

CVE-2024-46603

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.

7.5CVSS6.9AI score0.00147EPSS