Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Elspec-ltd Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22078 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 8.8 HIGH
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.
CVE-2024-22077 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 5.3 MEDIUM
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.
CVE-2024-22085 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 6.2 MEDIUM
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.
CVE-2024-22084 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.
CVE-2024-22083 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 6.5 MEDIUM
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.
CVE-2024-22082 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.
CVE-2024-22081 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 9.8 CRITICAL
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
CVE-2024-22080 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 9.8 CRITICAL
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.
CVE-2024-22079 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
CVE-2024-46603 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
CVE-2024-46602 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.
CVE-2024-46601 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 N/A 7.5 HIGH
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.