Skip to main content

GridTime 3000 EUVDEUVD-2026-38041

| CVE-2026-12620 MEDIUM
Information Exposure (CWE-200)
2026-06-19 Microchip GHSA-4766-4px9-j9m3
4.6
CVSS 4.0 · Vendor: Microchip
Share

Severity by source

Vendor (Microchip) PRIMARY
4.6 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
2.4 LOW

Token leaks on network-accessible endpoints (AV:N) only during high-privilege admin sessions with active interaction (PR:H/UI:R), yielding low credential-only confidentiality impact and no integrity or availability effect.

3.1 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Microchip).

CVSS VectorVendor: Microchip

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 19, 2026 - 16:34 vuln.today

DescriptionCVE.org

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.

This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

AnalysisAI

Access token exposure in Microchip's GridTime 3000 GNSS Time Server (versions 1.0r0.03 through 1.1r0.0) leaks authentication credentials via URL query parameters on certain management endpoints. Any party capable of observing network traffic, server access logs, HTTP Referer headers, or browser history during a high-privilege administrator session can harvest the exposed token and subsequently impersonate that session. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain access to management network logs or intercept position
Delivery
Wait for high-privilege admin to access affected endpoint
Exploit
Capture URL containing plaintext access token in query parameters
Execution
Extract token value from observed URL
Persist
Craft HTTP request replaying captured token
Impact
Access GridTime 3000 management interface as authenticated admin

Vulnerability AssessmentAI

Exploitation Exploitation requires that a high-privilege administrator actively navigates to one of the specific affected endpoints on the GridTime 3000 management interface - the token exposure is triggered by legitimate administrative use, not by unsolicited external input. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 4.6 (Medium) reflects genuinely constrained exploitation conditions: the vulnerable behavior is triggered only when a high-privilege user (PR:H) actively interacts with the affected endpoints (UI:A), and the direct confidentiality impact is rated Low (VC:L), with zero integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to a web proxy, load balancer, or server-side access logs on the management network path monitors URLs generated during an administrator's routine session on the GridTime 3000 interface. The attacker extracts the plaintext access token from a logged URL query string and replays it in a crafted HTTP request to the device's management endpoints, successfully impersonating the administrator's session without needing to know their password. …
Remediation Consult the Microchip vendor advisory at https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/gridtime-3000-gnss-time-server-access-token-exposure for the patched firmware release; no specific fix version number is confirmed in the data available at time of analysis, so the exact upgrade target must be verified directly with Microchip before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38041 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy