CVE Catalog

CVE-2026-12620

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This affects versions from 1.0r0.03 through 1.1r0.0.

Risk Assessment

An attacker can intercept the access token from server logs, browser history, or network traffic, enabling unauthorized access to the device.

Recommendation

Immediately update the GridTime 3000 firmware to a version later than 1.1r0.0 and avoid transmitting tokens in URL parameters.

Original NVD description (English source)

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS