← Volver a CVEs
CVE-2020-8974
CRITICAL10.0
Descripcion
In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.
Detalles CVE
Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/17/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
zigor:zgr_tps200_ngzigor:zgr_tps200_ng_firmware
Debilidades (CWE)
CWE-434CWE-434
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.