CVE-2020-8973

Name of the Vulnerable Software and Affected Versions ZGR TPS200 NG version 2.00 firmware and 1.01 hardware

Description The issue allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user on the web that owns the device. This is due to the device not properly accepting specially constructed requests.

Recommendations For ZGR TPS200 NG version 2.00 firmware and 1.01 hardware, consider restricting access to the device's network to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to change parameters without proper user registration. At the moment, there is no information about a newer version that contains a fix for this issue.