CVE-2026-12622
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
The GridTime 3000 GNSS Time Server contains an open redirect vulnerability in the password change form submission. An attacker can exploit this flaw to redirect users to a malicious site after a password change.
Risk Assessment
The risk involves potential phishing attacks or credential theft by redirecting victims to a crafted page after password change.
Recommendation
Immediately update the GridTime 3000 software to a version later than 1.1r0.0, which includes a fix for this vulnerability. Until the update, restrict access to the device management interface.
Original NVD description (English source)
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

