彙總 elspec-ltd 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 XXE與緩衝區溢位 等問題,部分漏洞可能導致 應用程式崩潰,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-59392 | On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port. | [email protected] | 6.8 | 0.18% | 2025-11-06 | 2026-06-17 |
| CVE-2024-46603 | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. | [email protected] | 7.5 | 0.67% | 2025-01-07 | 2026-06-17 |
| CVE-2024-46602 | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload. | [email protected] | 7.5 | 0.67% | 2025-01-07 | 2026-06-17 |
| CVE-2024-46601 | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. | [email protected] | 7.5 | 0.66% | 2025-01-07 | 2026-06-17 |
| CVE-2024-22085 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | [email protected] | 6.2 | 0.23% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22084 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | [email protected] | 7.5 | 0.39% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22083 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | [email protected] | 6.5 | 0.55% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22082 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. | [email protected] | 7.5 | 0.63% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22081 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. | [email protected] | 9.8 | 0.78% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22080 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. | [email protected] | 9.8 | 0.78% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22079 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. | [email protected] | 7.5 | 1.02% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22078 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | [email protected] | 8.8 | 0.64% | 2024-03-20 | 2026-06-17 |
| CVE-2024-22077 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | [email protected] | 5.3 | 0.48% | 2024-03-20 | 2026-06-17 |