Skip to main content

Timeprovider 4100 Firmware CVE-2025-47904

MEDIUM
Download of Code Without Integrity Check (CWE-494)
2026-02-24 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
5.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 24, 2026 - 16:24 nvd
MEDIUM 5.7

DescriptionCVE.org

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

AnalysisAI

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. [CVSS 4.1 MEDIUM]

Technical ContextAI

Classified as CWE-494 (Download of Code Without Integrity Check). Affects Timeprovider 4100 Firmware. Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2024-9054 HIGH POC
8.5 Oct 04

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Inform

CVE-2024-43687 HIGH POC
7.7 Oct 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip T

CVE-2024-7801 MEDIUM POC
6.3 Oct 04

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProv

CVE-2025-47901 HIGH
8.9 Oct 20

OS command injection in Microchip TimeProvider 4100 Grandmaster (firmware versions before 2.5) allows authenticated atta

CVE-2025-47900 HIGH
8.9 Oct 20

OS command injection in Microchip TimeProvider 4100 Grandmaster allows authenticated adjacent network attackers to execu

CVE-2024-43685 HIGH
8.7 Oct 04

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2

CVE-2024-43684 HIGH
8.7 Oct 04

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-

CVE-2024-43683 HIGH
8.7 Oct 04

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP

CVE-2025-47902 HIGH
7.1 Oct 20

SQL injection in Microchip TimeProvider 4100 Grandmaster (firmware <2.5) allows adjacent network attackers with low-leve

CVE-2024-43686 MEDIUM
5.4 Oct 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip T

Share

CVE-2025-47904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy