📄 NCR Command Center Agent 16.3 Remote Code Execution

CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

Design/Logic Flaw

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

NCR Aloha POS SOAP API Detection

Binary data ncralohaposwebdetect.nbin...

NCR Aloha POS SMB Default Credentials

The remote NCR Aloha POS device is running with default credentials aloha / aloha. A remote, unauthenticated attacker could exploit this to take control of the system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid108716; scriptversion"1.2"; scriptcvsdate"Date:...