The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

CVE-2026-42951 medium · 5.4

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.

CVE-2026-44611 medium · 5.4

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.

CVE-2026-42929 high · 8.3

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.

CVE-2026-42941 high · 8.3

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.