Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
AnalysisAI
A remote code execution vulnerability (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.
Technical ContextAI
CWE-94 (Code Injection). CVSS 9.8 indicates critical severity with likely remote exploitation vector.
RemediationAI
Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2023-53003