CVE-2020-8974

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*

cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*

History

09 Nov 2023, 16:15

Type	Values Removed	Values Added
References	{'url': 'https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng', 'name': 'https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng', 'tags': ['Third Party Advisory', 'VDB Entry'], 'refsource': 'CONFIRM'}	() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng -

Information

Published : 2022-10-17 22:15

Updated : 2024-02-28 19:29

NVD link : CVE-2020-8974

Mitre link : CVE-2020-8974

CVE.ORG link : CVE-2020-8974

JSON object : View

Products Affected

zigor

zgr_tps200_ng_firmware
zgr_tps200_ng

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-8974", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 3.9}]}, "published": "2022-10-17T22:15:10.110", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable."}, {"lang": "es", "value": "En ZGR TPS200 NG versi\u00f3n de firmware 2.00 y la versi\u00f3n de hardware 1.01, el proceso de carga del firmware no lleva a cabo ning\u00fan tipo de restricci\u00f3n. Esto permite a un atacante modificarlo y volver a subirlo por medio de la web con modificaciones maliciosas, dejando el dispositivo inusable"}], "lastModified": "2023-11-09T16:15:33.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F42D21EF-7B57-43BB-8515-809E45880176"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABB13226-AA1F-4DA9-925D-832EFAC30748"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}