Elspec-ltdCVEs & Vulnerabilities

13 CVEs affecting Elspec-ltd products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

g5dfr 13g5dfr firmware 13
CVE-2025-59392MEDIUM

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.

6 Nov 2025
6.8
CVSS
CVE-2024-46603HIGH

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.

7 Jan 2025
7.5
CVSS
CVE-2024-46602HIGH

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.

7 Jan 2025
7.5
CVSS
CVE-2024-46601HIGH

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

7 Jan 2025
7.5
CVSS
CVE-2024-22085MEDIUM

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.

20 Mar 2024
6.2
CVSS
CVE-2024-22084HIGH

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.

20 Mar 2024
7.5
CVSS
CVE-2024-22083MEDIUM

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.

20 Mar 2024
6.5
CVSS
CVE-2024-22082HIGH

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

20 Mar 2024
7.5
CVSS
CVE-2024-22081CRITICAL

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.

20 Mar 2024
9.8
CVSS
CVE-2024-22080CRITICAL

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.

20 Mar 2024
9.8
CVSS
CVE-2024-22079HIGH

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.

20 Mar 2024
7.5
CVSS
CVE-2024-22078HIGH

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.

20 Mar 2024
8.8
CVSS
CVE-2024-22077MEDIUM

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.

20 Mar 2024
5.3
CVSS
← PrevPage 1 / 1Next →