CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ncr:itm_web_terminal:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ncr:itm_web_terminal:4.4.4:*:*:*:*:*:*:*

History

09 Jul 2025, 19:10

Type Values Removed Values Added
CPE cpe:2.3:a:ncr:itm_web_terminal:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ncr:itm_web_terminal:4.4.4:*:*:*:*:*:*:*
Summary
  • (es) Un problema en NCR ITM Web terminal v.4.4.0 y v.4.4.4 permite que un atacante remoto ejecute código arbitrario a través de un script manipulado en el componente URL de la cámara IP.
First Time Ncr
Ncr itm Web Terminal
References () https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing - () https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing - Permissions Required
References () https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md - () https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md - Third Party Advisory

24 Jun 2025, 16:15

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

23 Jun 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-23 15:15

Updated : 2025-07-09 19:10


NVD link : CVE-2023-48978

Mitre link : CVE-2023-48978

CVE.ORG link : CVE-2023-48978


JSON object : View

Products Affected

ncr

  • itm_web_terminal
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')