CVE-2013-6881

CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - OS Command Injection via Sector Size or Skip Count Fields

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6881. PoCs published by Martin Wundram.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Description

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

Exploits (1)

exploitdb WRITEUP
by Martin Wundram · text · webapps · php
https://www.exploit-db.com/exploits/30396

Classification: Writeup 100%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Ditto Forensic FieldStation <= 2013Oct15a
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 18, 2026

Scores

EPSS 0.1261
EPSS Percentile 95.7%

Details

CWE: CWE-78
Status: published
Products (2):
cru-inc/ditto_forensic_fieldstation
cru-inc/ditto_forensic_fieldstation_firmware < 2013jun30a
Published: Jan 07, 2014
Tracked Since: Feb 18, 2026