Skip to main content

Time Provider 4100

1 CVEs product

Monthly

CVE-2025-9497 MEDIUM PATCH This Month

Microchip Time Provider 4100 contains hard-coded credentials used for software update decryption, allowing malicious actors to craft and deploy unauthorized firmware updates without detection. Versions prior to 2.5.0 are affected. An attacker with local or network access to the device can leverage these credentials to bypass authentication controls during the manual software update process, potentially gaining full control of the time synchronization infrastructure.

Authentication Bypass Time Provider 4100
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Microchip Time Provider 4100 contains hard-coded credentials used for software update decryption, allowing malicious actors to craft and deploy unauthorized firmware updates without detection. Versions prior to 2.5.0 are affected. An attacker with local or network access to the device can leverage these credentials to bypass authentication controls during the manual software update process, potentially gaining full control of the time synchronization infrastructure.

Authentication Bypass Time Provider 4100
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy