CVE-2020-8974

CRITICAL

Zigor Zgr Tps200 NG Firmware - Unrestricted File Upload

Title source: rule

Description

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

Scores

CVSS v3 10.0

EPSS 0.0033

EPSS Percentile 56.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

zigor/zgr_tps200_ng_firmware 2.00

Published Oct 17, 2022

Tracked Since Feb 18, 2026