CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8976

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile42.26th
PublishedOct 17, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

Affected Platforms (CPE)

💻
Zigor

Zgr Tps200 Ng Firmware

= 2.00

References & Advisories

🔗 https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
🔗 https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng

Related Vulnerabilities

CVE-2020-897410.0

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restric...

CVE-2020-89739.3

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. Thi...

CVE-2020-89757.5

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application ...

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...