CVE-2013-6884

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html	Exploit
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989	Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/	Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/	Vendor Advisory
http://www.exploit-db.com/exploits/30396	Exploit
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html	Exploit
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989	Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/	Vendor Advisory
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/	Vendor Advisory
http://www.exploit-db.com/exploits/30396	Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html - Exploit~~	() http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html - Exploit
References	~~() http://seclists.org/fulldisclosure/2013/Dec/80 -~~	() http://seclists.org/fulldisclosure/2013/Dec/80 -
References	~~() http://secunia.com/advisories/55989 - Vendor Advisory~~	() http://secunia.com/advisories/55989 - Vendor Advisory
References	~~() http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/ - Vendor Advisory~~	() http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/ - Vendor Advisory
References	~~() http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/ - Vendor Advisory~~	() http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/ - Vendor Advisory
References	~~() http://www.exploit-db.com/exploits/30396 - Exploit~~	() http://www.exploit-db.com/exploits/30396 - Exploit

Information

Published : 2014-01-07 17:04

Updated : 2025-04-11 00:51

NVD link : CVE-2013-6884

Mitre link : CVE-2013-6884

CVE.ORG link : CVE-2013-6884

JSON object : View

Products Affected

cru-inc

ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation

CWE

CWE-255

Credentials Management Errors

10.0 /10