CVE-2020-8973 CRITICAL

CVE-2020-8973: ZGR TPS200 NG Improper access control

Vendor Zgr
Product ZGR TPS200 NG
Weakness CWE-284
Published October 17, 2022
Last update May 13, 2025

CVSS base score

9.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
May 13, 2025 Record updated