CVE-2020-8974

Summary

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

Affected Software

VendorProductVersion RangeStatus
ZGRZGR TPS200 NG2.00 firmware version 2.00affected
ZGRZGR TPS200 NG1.01 hardware version 1.01affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References