CVE-2020-8973

Published: Oct 17, 2022Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.

Affected (1)

Products: Zigor: Zgr Tps200 Ng Firmware

1 product

Zgr Tps200 Ng Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zigor Zgr Tps200 Ng Firmware	Version 2.00

Running on/with	Platform Versions
Zigor Zgr Tps200 Ng	Version 1.01

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

Source: cve-coordination@incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.