An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing | Permissions Required |
https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Jul 2025, 19:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ncr:itm_web_terminal:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:ncr:itm_web_terminal:4.4.4:*:*:*:*:*:*:* |
|
Summary |
|
|
First Time |
Ncr
Ncr itm Web Terminal |
|
References | () https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing - Permissions Required | |
References | () https://github.com/pwahba/cve-research/blob/main/CVE-2023-48978/CVE-2023-48978.md - Third Party Advisory |
24 Jun 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
23 Jun 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-23 15:15
Updated : 2025-07-09 19:10
NVD link : CVE-2023-48978
Mitre link : CVE-2023-48978
CVE.ORG link : CVE-2023-48978
JSON object : View
Products Affected
ncr
- itm_web_terminal
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')