PT-2024-30611 · Microchip · Microchip Timeprovider 4100

Antonio Carriero +6 · Published 2024-10-04 · Updated 2025-08-29 · CVE-2024-43684

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 and later

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). This vulnerability affects the Microchip TimeProvider 4100, allowing for unauthorized actions to be performed on the device.

Recommendations: For Microchip TimeProvider 4100 version 1.0 and later, update to a version that includes a fix for this issue. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as validating request origins and using anti-CSRF tokens. Restrict access to sensitive functionality to minimize the risk of exploitation.

Fix

XSS

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-43684

Affected Products: Microchip Timeprovider 4100