Elspec-ltd G5dfr

13 CVEs affecting Elspec-ltd G5dfr. Latest disclosed: 2025-11-06. Critical: 2, High: 7.

Top CVEs affecting Elspec-ltd G5dfr
CVESeverityScorePublishedSummary
CVE-2024-22081Critical9.82024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsin…
CVE-2024-22080Critical9.82024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.
CVE-2024-22078High8.82024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network…
CVE-2024-46603High7.52025-01-07An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (Do…
CVE-2024-46602High7.52025-01-07An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to c…
CVE-2024-46601High7.52025-01-07Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
CVE-2024-22084High7.52024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.
CVE-2024-22082High7.52024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be…
CVE-2024-22079High7.52024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
CVE-2025-59392Medium6.82025-11-06On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly…
CVE-2024-22083Medium6.52024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further a…
CVE-2024-22085Medium6.22024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.
CVE-2024-22077Medium5.32024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.