CVE-2026-44611
CVE-2026-44611 is a medium-severity vulnerability in Macgregor Interschalt Vdr G4e Firmware with a CVSS 3.x base score of 5.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-916.
Key facts
- Severity: Medium (CVSS 3.x base score 5.4)
- CVSS v4: 5.9
- EPSS exploit prediction: 0% (4th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-33398
- Weakness: CWE-916
- Affected product: Macgregor Interschalt Vdr G4e Firmware
- Published:
- Last modified:
Description
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Frequently asked questions
- What is CVE-2026-44611?
- Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
- How severe is CVE-2026-44611?
- CVE-2026-44611 has a CVSS 3.x base score of 5.4, rated medium severity. It is exploitable over an adjacent network with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity low, and availability none.
- Is CVE-2026-44611 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (4th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-44611?
- CVE-2026-44611 affects Macgregor Interschalt Vdr G4e Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-44611?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-44611 have an EU (EUVD) identifier?
- Yes. CVE-2026-44611 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-33398.
- When was CVE-2026-44611 published?
- CVE-2026-44611 was published on 2026-05-29 and last updated on 2026-06-17.
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
- https://www.danelec.com/contact
Affected products (1)
- cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Macgregor Interschalt Vdr G4e Firmware
- CVE-2026-42941 — High (CVSS 8.3): The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password…
- CVE-2026-42929 — High (CVSS 8.3): Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
- CVE-2026-40425 — Medium (CVSS 5.7): The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive…
- CVE-2026-42951 — Medium (CVSS 5.4): An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes…
- CVE-2016-9339 — Medium (CVSS 5.3): An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to…
All CVEs affecting Macgregor Interschalt Vdr G4e Firmware →
Other CWE-916 vulnerabilities
- CVE-2020-14516 — Critical (CVSS 10.0): In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the…
- CVE-2026-30789 — Critical (CVSS 9.8): Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts…
- CVE-2024-5743 — Critical (CVSS 9.8): An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome…
- CVE-2021-36767 — Critical (CVSS 9.8): In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the…
- CVE-2021-32519 — Critical (CVSS 9.8): Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows…
- CVE-2019-17216 — Critical (CVSS 9.8): An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password…