CVE-2013-6881
Cru-inc Ditto Forensic Fieldstation Firmware - OS Command Injection
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
Core References
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/55989
Vendor Advisory (x_refsource_misc): http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/
Exploit (x_refsource_misc): http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
Exploit (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2013/Dec/80
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/30396
Vendor Advisory (x_refsource_misc): http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/
Scores
EPSS: 0.3786
EPSS Percentile: 97.2%
Details
CWE: CWE-78
Status: published
Products (2):
cru-inc/ditto_forensic_fieldstation
cru-inc/ditto_forensic_fieldstation_firmware < 2013jun30a
Published: Jan 07, 2014
Tracked Since: Feb 18, 2026