CVE-2013-6884 - Credentials Management vulnerability in Cru-Inc products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities. CVE-2013-6881, CVE-2013-6884. Webapps exploit for php platform |
file | exploits/php/webapps/30396.txt |
id | EDB-ID:30396 |
last seen | 2016-02-03 |
modified | 2013-12-17 |
platform | php |
port | 80 |
published | 2013-12-17 |
reporter | Martin Wundram |
source | https://www.exploit-db.com/download/30396/ |
title | Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/124420/dittoforensic-xssexecxsrf.txt |
id | PACKETSTORM:124420 |
last seen | 2016-12-05 |
published | 2013-12-13 |
reporter | Martin Wundram |
source | https://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html |
title | Ditto Forensic FieldStation 2013Oct15a XSS / CSRF / Command Execution |
References
- http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
- http://seclists.org/fulldisclosure/2013/Dec/80
- http://secunia.com/advisories/55989
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/
- http://www.exploit-db.com/exploits/30396