PT-2022-9067 · Zgr · Zgr Tps200 Ng
The Industrial
·
Published
2022-10-17
·
Updated
2023-11-09
·
CVE-2020-8974
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZGR TPS200 NG version 2.00 (firmware) and version 1.01 (hardware)
Description
The firmware upload process in the affected device does not have restrictions, allowing an attacker to modify the firmware and re-upload it via the web with malicious modifications. This can render the device unusable.
Recommendations
For ZGR TPS200 NG version 2.00 (firmware) and version 1.01 (hardware), consider restricting access to the firmware upload process via the web to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zgr Tps200 Ng