Home

Description

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

PUBLISHED Reserved 2023-10-30 | Published 2024-01-20 | Updated 2025-06-17 | Assigner mitre

References

docs.google.com/...8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing

github.com/...1/Security-Advisories/tree/main/CVE-2023-47024

cve.org (CVE-2023-47024)

nvd.nist.gov (CVE-2023-47024)

Download JSON