Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-8976
HistoryOct 17, 2022 - 10:15 p.m.

CVE-2020-8976

2022-10-1722:15:10
CWE-352
[email protected]
web.nvd.nist.gov
5
zgr tps200 ng
firmware version
hardware version
remote attacker
victim user
active session
malicious request
permissions

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.0%

JSON

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

Affected configurations

Nvd
Node
zigorzgr_tps200_ng_firmwareMatch2.00
AND
zigorzgr_tps200_ngMatch1.01
VendorProductVersionCPE
zigorzgr_tps200_ng_firmware2.00cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*
zigorzgr_tps200_ng1.01cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
cve 1
cvelist
cvelist
CVE-2020-8976 ZGR TPS200 Cross-Site Request Forgery (CSRF)
2022-10-17 21:18:06
prion
prion
Server side request forgery (ssrf)
2022-10-17 22:15:00
cve
cve
CVE-2020-8976
2022-10-17 22:15:10

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.0%

JSON
Related for NVD:CVE-2020-8976
cvelist1prion1cve1