CVE-2024-22083

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.elspec-ltd.com/support/security-advisories/	Vendor Advisory
https://www.elspec-ltd.com/support/security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:elspec-ltd:g5dfr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elspec-ltd:g5dfr:-:*:*:*:*:*:*:*

History

16 Apr 2025, 17:29

Type	Values Removed	Values Added
CPE		cpe:2.3:h:elspec-ltd:g5dfr:-:::::::* cpe:2.3:o:elspec-ltd:g5dfr_firmware::::::::
First Time		Elspec-ltd Elspec-ltd g5dfr Elspec-ltd g5dfr Firmware
References	~~() https://www.elspec-ltd.com/support/security-advisories/ -~~	() https://www.elspec-ltd.com/support/security-advisories/ - Vendor Advisory
CWE		CWE-798

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://www.elspec-ltd.com/support/security-advisories/ -~~	() https://www.elspec-ltd.com/support/security-advisories/ -

18 Nov 2024, 19:35

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en las versiones 1.1.4.15 y anteriores Elspec G5 digital fault recorder. Existe una ID de sesión de puerta trasera codificada que se puede usar para obtener más acceso al dispositivo, incluidas las tareas de reconfiguración.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

20 Mar 2024, 13:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-20 05:15

Updated : 2025-04-16 17:29

NVD link : CVE-2024-22083

Mitre link : CVE-2024-22083

CVE.ORG link : CVE-2024-22083

JSON object : View

Products Affected

elspec-ltd

g5dfr_firmware
g5dfr

CWE

CWE-798

Use of Hard-coded Credentials

6.5 /10