CVE-2020-8973
9.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZGR | ZGR TPS200 NG | 2.00 firmware version 2.00 | affected |
| ZGR | ZGR TPS200 NG | 1.01 hardware version 1.01 | affected |
Weaknesses
- CWE-284: CWE-284: improper access control
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.