
PSIRT-105: TimeProvider™ 4100 Unsigned Upgrade Vulnerability

Vulnerability Details


Date of Disclosure: 02/19/2026

Affected Product: TimeProvider™ 4100 GNSS Grandmaster

  • Vulnerability Type: Unsigned upgrade images (CWE-345)
  • CVE Identifier: CVE-2025-47904
  • CVSS Score: 5.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P
  • Vulnerability Description:
    • The upgrade package is not signed through an asymmetric encryption scheme, allowing a malicious user to tamper with it and install an arbitrary filesystem.
  • Affected Versions: 
    • All firmware versions
  • Vulnerability Status: 
    • To be addressed in a future version

Risk Assessment


Exploiting this vulnerability requires an attacker to have penetrated the unit, extracted the root password, and gained total access to the system, which is a complex and expensive attack. Only then could the symmetric key used for upgrade images be extracted by disassembling the upgrade binary code.
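Why a symmetric key stored on the unit cannot authenticate upgrade images while a public key can, as an added example that is not Microchip's code or the TimeProvider 4100 image format. It assumes an HMAC-SHA256 tag for the symmetric case and uses a Lamport one-time signature (standard library only) as a stand-in for a production asymmetric scheme; all names and image bytes are constructed.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(image: bytes) -> list:
    """256 bits of SHA-256(image); each bit selects one half of a key pair."""
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Symmetric design (assumed HMAC): the verifying device stores the signing key.
def mac_tag(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()

def device_accepts_mac(key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, image), tag)

# Asymmetric design: the device stores only public values (hashes of secrets).
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk

def lamport_sign(sk, image: bytes) -> list:
    # One-time key: signing a second image with the same sk leaks more secrets.
    return [sk[i][b] for i, b in enumerate(digest_bits(image))]

def device_accepts_sig(pk, image: bytes, sig: list) -> bool:
    bits = digest_bits(image)
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b]) for i, (b, s) in enumerate(zip(bits, sig)))

def demo() -> dict:
    genuine = b"CONSTRUCTED upgrade image: rootfs v1"      # constructed sample
    altered = b"CONSTRUCTED upgrade image: rootfs v1 (altered)"
    shared_key = secrets.token_bytes(32)   # present on build host AND device
    sk, pk = lamport_keygen()              # sk stays on the build host only
    sig = lamport_sign(sk, genuine)
    return {
        # Key material stored on the device is enough to tag any image.
        "mac_altered_accepted": device_accepts_mac(
            shared_key, altered, mac_tag(shared_key, altered)),
        "sig_genuine_accepted": device_accepts_sig(pk, genuine, sig),
        # The device's public key cannot produce or transfer a signature.
        "sig_altered_accepted": device_accepts_sig(pk, altered, sig),
    }

if __name__ == "__main__":
    print(demo())
```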

Mitigation


Upgrades are only available on a separate management port, which should not be connected to an untrusted network. ACLs are available to further restrict access to only trusted addresses.

Patch/Release Information


Signing of upgrade images may be addressed in a future release.

Acknowledgements


Reported by Dario Emilio Bertani, Raffaele Bova, Andrea Sindoni, Simone Bossi, Antonio Carriero, Marco Manieri, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli and TIM Security Red Team Research.

Recommendations


It is strongly recommended that all customers upgrade to the latest firmware.
