CVE Catalog

CVE-2026-12622

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

The GridTime 3000 GNSS Time Server contains an open redirect vulnerability in the password change form submission. An attacker can exploit this flaw to redirect users to a malicious site after a password change.

Risk Assessment

The risk involves potential phishing attacks or credential theft by redirecting victims to a crafted page after password change.

Recommendation

Immediately update the GridTime 3000 software to a version later than 1.1r0.0, which includes a fix for this vulnerability. Until the update, restrict access to the device management interface.

Original NVD description (English source)

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS