CVE-2024-43684 HIGH

CVE-2024-43684: Cross-Site Request Forgery vulnerability in TimeProvider 4100

Vendor Microchip

Product TimeProvider 4100

Weakness CWE-352 · CSRF

Published October 4, 2024

Last update August 29, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.

Key dates

02Disclosure timeline

October 4, 2024 CVE published

August 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43684

Related vulnerabilities

04Related CVE

CVE-2025-23081 Various security vulnerabilities in Extension:DataTransfer CVE-2025-32276 WordPress Administrator Z plugin <= 2026.03.02 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-32451 WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-35773 WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability CVE-2025-31680 Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008