Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Token leaks on network-accessible endpoints (AV:N) only during high-privilege admin sessions with active interaction (PR:H/UI:R), yielding low credential-only confidentiality impact and no integrity or availability effect.
Primary rating from Vendor (Microchip).
CVSS VectorVendor: Microchip
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.
This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
AnalysisAI
Access token exposure in Microchip's GridTime 3000 GNSS Time Server (versions 1.0r0.03 through 1.1r0.0) leaks authentication credentials via URL query parameters on certain management endpoints. Any party capable of observing network traffic, server access logs, HTTP Referer headers, or browser history during a high-privilege administrator session can harvest the exposed token and subsequently impersonate that session. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a high-privilege administrator actively navigates to one of the specific affected endpoints on the GridTime 3000 management interface - the token exposure is triggered by legitimate administrative use, not by unsolicited external input. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 4.6 (Medium) reflects genuinely constrained exploitation conditions: the vulnerable behavior is triggered only when a high-privilege user (PR:H) actively interacts with the affected endpoints (UI:A), and the direct confidentiality impact is rated Low (VC:L), with zero integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with access to a web proxy, load balancer, or server-side access logs on the management network path monitors URLs generated during an administrator's routine session on the GridTime 3000 interface. The attacker extracts the plaintext access token from a logged URL query string and replays it in a crafted HTTP request to the device's management endpoints, successfully impersonating the administrator's session without needing to know their password. … |
| Remediation | Consult the Microchip vendor advisory at https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/gridtime-3000-gnss-time-server-access-token-exposure for the patched firmware release; no specific fix version number is confirmed in the data available at time of analysis, so the exact upgrade target must be verified directly with Microchip before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Gridtime 3000
View allDOM-based cross-site scripting in Microchip's GridTime 3000 GNSS Time Server allows an authenticated attacker to inject
Open redirect in Microchip's GridTime 3000 GNSS Time Server allows authenticated low-privilege users to manipulate the p
Cross-site scripting in Microchip GridTime 3000 GNSS Time Server (versions 1.0r0.03 through 1.1r0.0) permits authenticat
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38041
GHSA-4766-4px9-j9m3