NCR ITM Web Terminal Arbitrary Code Execution Vulnerability
Vulnerability
A vulnerability allowing remote code execution has been identified in NCR ITM Web Terminal versions 4.4.0 and 4.4.4. The issue arises from the application’s IP camera URL component, which can be manipulated to execute arbitrary scripts.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where NCR ITM Web Terminal is running.
Reproduction
The vulnerability can be reproduced by submitting a crafted script in the IP camera URL field, which is editable from the user profile page or the organization terminal details module. The default IP camera URL is replaced with a link to a Burp Collaborator listener. Once the modified URL is saved, initiating a call through the teller app interface triggers a request to the Collaborator link, executing the injected script.
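The mitigation for this class of bug is to treat the IP camera URL as untrusted input and accept only values that point at a known camera. The validator below is an added illustration, not NCR code; the allowlisted hostnames, the camera network and the permitted ports are constructed assumptions that a deployment would take from its own configuration.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist for the example; a real deployment would load
# its own camera hosts, networks and ports from configuration.
ALLOWED_SCHEMES = {"http", "https", "rtsp"}
ALLOWED_CAMERA_HOSTS = {"camera-01.branch.example", "camera-02.branch.example"}
ALLOWED_CAMERA_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
ALLOWED_PORTS = {80, 443, 554}
MAX_URL_LEN = 512


def validate_camera_url(raw: str) -> tuple[bool, str]:
    """Return (ok, reason). Accept only a well-formed URL for a known camera."""
    # Reject markup and control characters outright: a camera URL never needs them.
    if len(raw) > MAX_URL_LEN or any(ch in raw for ch in "<>\"'\r\n\0"):
        return False, "forbidden characters or over-long value"
    parts = urlsplit(raw.strip())
    # Only camera-capable schemes; this blocks javascript:, data:, file:, etc.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    # The host must be an allowlisted name or an address inside the camera network,
    # so an external listener (such as a Collaborator host) is never contacted.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if host not in ALLOWED_CAMERA_HOSTS:
            return False, f"host not in allowlist: {host}"
    else:
        if not any(addr in net for net in ALLOWED_CAMERA_NETWORKS):
            return False, f"address outside camera networks: {host}"
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return False, "malformed port"
    if port is not None and port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    return True, "ok"
```

Run the check server-side on every save of the field, not only in the browser, and log each rejection with the submitting user so that repeated attempts surface in monitoring.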
