Elspec-ltd G5dfr_firmware
13 CVEs affecting Elspec-ltd G5dfr_firmware. Latest disclosed: 2025-11-06. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22081 | Critical | 9.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsin… |
CVE-2024-22080 | Critical | 9.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. |
CVE-2024-22078 | High | 8.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network… |
CVE-2024-46603 | High | 7.5 | 2025-01-07 | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (Do… |
CVE-2024-46602 | High | 7.5 | 2025-01-07 | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to c… |
CVE-2024-46601 | High | 7.5 | 2025-01-07 | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. |
CVE-2024-22084 | High | 7.5 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. |
CVE-2024-22082 | High | 7.5 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be… |
CVE-2024-22079 | High | 7.5 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. |
CVE-2025-59392 | Medium | 6.8 | 2025-11-06 | On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly… |
CVE-2024-22083 | Medium | 6.5 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further a… |
CVE-2024-22085 | Medium | 6.2 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. |
CVE-2024-22077 | Medium | 5.3 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. |