1. Home
  2. CVE Database
  3. CVE-2020-8974
CRITICAL · 10.0

CVE-2020-8974

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web wi...

Vulnerability Description

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ZigorZgr Tps200 Ng Firmware2.00
ZigorZgr Tps200 Ng1.01

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2020-8974?

CVE-2020-8974 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web wi...

How severe is CVE-2020-8974?

CVE-2020-8974 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-8974?

Check the references section above for vendor advisories and patch information. Affected products include: Zigor Zgr Tps200 Ng Firmware, Zigor Zgr Tps200 Ng.