A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
An attacker injects a specially crafted payload into any text field accepting character strings in the NCR Terminal Handler application. This data is then exported or processed in CSV format without proper sanitization, leading to execution of embedded formulas or commands — for example through a spreadsheet application or other CSV parser opening the generated file. This mechanism is a classic example of formula injection attack, where malicious input data is interpreted as instructions by software processing CSV.
An attacker can execute arbitrary commands in the context of the system or application processing the infected CSV file, which can lead to complete system takeover, disclosure of sensitive data, or breach of service integrity and availability.
Apply patches available from the vendor according to the references. Until updates are applied, it is recommended to restrict access to text fields in the application exclusively to trusted users and implement input validation and sanitization on the server side, blocking special characters characteristic of CSV formulas (e.g., =, +, -, @).
NCR Terminal Handler v1.5.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNcr Terminal Handler
APPNcr1.5.1
Related vulnerabilities
NCR Terminal Handler — manipulacja ustawieniami umożliwia wykonanie dowolnych poleceń
RCE i wyciek danych w NCR Terminal Handler przez komponent UserService
RCE w NCR Terminal Handler via SOAP API — nieuwierzytelniony dostęp zdalny
NCR Terminal Handler – privilege escalation przez SOAP API
RCE w NCR Terminal Handler v.1.5.1 przez SOAP API