Skip to main content

Timeprovider 4100 Firmware

11 CVEs product

Monthly

CVE-2025-47904 MEDIUM This Month

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. [CVSS 4.1 MEDIUM]

Information Disclosure Timeprovider 4100 Firmware
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-47902 HIGH This Week

SQL injection in Microchip TimeProvider 4100 Grandmaster (firmware <2.5) allows adjacent network attackers with low-level privileges to achieve high integrity and availability impact across system and vulnerable components. EPSS exploitation probability is low (0.03%, 9th percentile) with no public exploit identified at time of analysis. Authentication requirements indicate PR:L (low privileges required) per CVSS vector. Attack complexity is low but requires present attack timing conditions (AT:P).

SQLi Timeprovider 4100 Firmware
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-47901 HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster (firmware versions before 2.5) allows authenticated attackers on adjacent networks to execute arbitrary system commands with high privileges, leading to complete device compromise. The vulnerability requires low attack complexity and low privileges, with exploitation probability at 0.28% (EPSS), indicating moderate real-world risk. No public exploit identified at time of analysis, but the adjacent network requirement and low complexity make this readily exploitable in targeted attacks against time synchronization infrastructure.

Command Injection Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-47900 HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster allows authenticated adjacent network attackers to execute arbitrary system commands with elevated privileges on firmware versions prior to 2.5. The vulnerability requires low attack complexity and low privileges, enabling complete compromise of device confidentiality, integrity, and availability. EPSS exploitation probability is low (0.28%, 51st percentile) with no public exploit identified at time of analysis, though the straightforward attack vector presents significant risk to network time infrastructure in enterprise environments.

Command Injection Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2024-9054 HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
15.0%
CVE-2024-7801 MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.0 before 2.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-43687 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

XSS Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-43686 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.0 before 2.4.7. Rated medium severity (CVSS 5.4). No vendor patch available.

XSS Timeprovider 4100 Firmware
NVD
CVSS 4.0
5.4
EPSS
11.5%
CVE-2024-43685 HIGH This Week

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2.4.7. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-43684 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS CSRF Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-43683 HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Open Redirect Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
EPSS 0% CVSS 5.7
MEDIUM This Month

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. [CVSS 4.1 MEDIUM]

Information Disclosure Timeprovider 4100 Firmware
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in Microchip TimeProvider 4100 Grandmaster (firmware <2.5) allows adjacent network attackers with low-level privileges to achieve high integrity and availability impact across system and vulnerable components. EPSS exploitation probability is low (0.03%, 9th percentile) with no public exploit identified at time of analysis. Authentication requirements indicate PR:L (low privileges required) per CVSS vector. Attack complexity is low but requires present attack timing conditions (AT:P).

SQLi Timeprovider 4100 Firmware
NVD
EPSS 0% CVSS 8.9
HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster (firmware versions before 2.5) allows authenticated attackers on adjacent networks to execute arbitrary system commands with high privileges, leading to complete device compromise. The vulnerability requires low attack complexity and low privileges, with exploitation probability at 0.28% (EPSS), indicating moderate real-world risk. No public exploit identified at time of analysis, but the adjacent network requirement and low complexity make this readily exploitable in targeted attacks against time synchronization infrastructure.

Command Injection Timeprovider 4100 Firmware
NVD
EPSS 0% CVSS 8.9
HIGH This Week

OS command injection in Microchip TimeProvider 4100 Grandmaster allows authenticated adjacent network attackers to execute arbitrary system commands with elevated privileges on firmware versions prior to 2.5. The vulnerability requires low attack complexity and low privileges, enabling complete compromise of device confidentiality, integrity, and availability. EPSS exploitation probability is low (0.28%, 51st percentile) with no public exploit identified at time of analysis, though the straightforward attack vector presents significant risk to network time infrastructure in enterprise environments.

Command Injection Timeprovider 4100 Firmware
NVD
EPSS 15% CVSS 8.5
HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.0 before 2.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Timeprovider 4100 Firmware
NVD Exploit-DB
EPSS 1% CVSS 7.7
HIGH POC This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

XSS Timeprovider 4100 Firmware
NVD Exploit-DB
EPSS 12% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.0 before 2.4.7. Rated medium severity (CVSS 5.4). No vendor patch available.

XSS Timeprovider 4100 Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2.4.7. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Timeprovider 4100 Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS CSRF Timeprovider 4100 Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Open Redirect Timeprovider 4100 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy