Lucene search

INCIBECVELIST:CVE-2020-8973

HistorySep 30, 2022 - 12:00 a.m.

CVE-2020-8973 ZGR TPS200 NG Improper access control

2022-09-3000:00:00

CWE-284

INCIBE

www.cve.org

zgr tps200 ng

firmware

hardware

unauthorized access

parameter changes

network access

security vulnerability

9.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZGR TPS200 NG",
    "vendor": "ZGR",
    "versions": [
      {
        "status": "affected",
        "version": "2.00 firmware version 2.00"
      },
      {
        "status": "affected",
        "version": "1.01 hardware version 1.01"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

9.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVELIST:CVE-2020-8973