CVE-2013-6884 - Credentials Management vulnerability in Cru-Inc products

047910
CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, cru-inc, CWE-255, critical, exploit available

Summary

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

Vulnerable Configurations

Part | Description | Count
OS | Cru-Inc | 1
Hardware | Cru-Inc | 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities. CVE-2013-6881, CVE-2013-6884. Webapps exploit for php platform
file: exploits/php/webapps/30396.txt
id: EDB-ID:30396
last seen: 2016-02-03
modified: 2013-12-17
platform: php
port: 80
published: 2013-12-17
reporter: Martin Wundram
source: https://www.exploit-db.com/download/30396/
title: Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities
type: webapps

Packetstorm

data source: https://packetstormsecurity.com/files/download/124420/dittoforensic-xssexecxsrf.txt
id: PACKETSTORM:124420
last seen: 2016-12-05
published: 2013-12-13
reporter: Martin Wundram
source: https://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
title: Ditto Forensic FieldStation 2013Oct15a XSS / CSRF / Command Execution