CVE Catalog
CVE-2026-12620
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.24%
15th percentile - higher than 15% of all known CVEs
Summary
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This affects versions from 1.0r0.03 through 1.1r0.0.
Risk Assessment
An attacker can intercept the access token from server logs, browser history, or network traffic, enabling unauthorized access to the device.
Recommendation
Immediately update the GridTime 3000 firmware to a version later than 1.1r0.0 and avoid transmitting tokens in URL parameters.
Original NVD description (English source)
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

