Skip to main content

Timeprovider 4100 Firmware CVE-2024-43684

HIGH
Cross-site Scripting (XSS) (CWE-79)
2024-10-04 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
8.7
CVSS 4.0 · Vendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Share

Severity by source

Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber

Primary rating from Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) · only source for this CVE.

CVSS VectorVendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
CVE Published
Oct 04, 2024 - 20:15 cve.org
HIGH 8.7

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Affected products include: Microchip Timeprovider 4100 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-9054 HIGH POC
8.5 Oct 04

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Inform

CVE-2024-43687 HIGH POC
7.7 Oct 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip T

CVE-2024-7801 MEDIUM POC
6.3 Oct 04

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProv

CVE-2025-47901 HIGH
8.9 Oct 20

OS command injection in Microchip TimeProvider 4100 Grandmaster (firmware versions before 2.5) allows authenticated atta

CVE-2025-47900 HIGH
8.9 Oct 20

OS command injection in Microchip TimeProvider 4100 Grandmaster allows authenticated adjacent network attackers to execu

CVE-2024-43685 HIGH
8.7 Oct 04

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2

CVE-2024-43683 HIGH
8.7 Oct 04

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP

CVE-2025-47902 HIGH
7.1 Oct 20

SQL injection in Microchip TimeProvider 4100 Grandmaster (firmware <2.5) allows adjacent network attackers with low-leve

CVE-2025-47904 MEDIUM
5.7 Feb 24

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software

CVE-2024-43686 MEDIUM
5.4 Oct 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip T

Share

CVE-2024-43684 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy