← Voltar para CVEs
CVE-2020-8974
CRITICAL10.0
Descricao
In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/17/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
zigor:zgr_tps200_ngzigor:zgr_tps200_ng_firmware
Fraquezas (CWE)
CWE-434CWE-434
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.