Elspec-Ltd: >> G5dfr Security Vulnerabilities
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-06
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-01-07
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-07
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-07
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-03-20
Page 1