Skip to main content

Itm Web Terminal CVE-2023-48978

| EUVDEUVD-2023-53003 CRITICAL
Code Injection (CWE-94)
2025-06-23 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2023-53003
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
CVE Published
Jun 23, 2025 - 15:15 nvd
CRITICAL 9.8

DescriptionCVE.org

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.

AnalysisAI

A remote code execution vulnerability (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-94 (Code Injection). CVSS 9.8 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

Share

CVE-2023-48978 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy