CVE-2013-6883

Cru-inc Ditto Forensic Fieldstation Firmware < 2013oct15a - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

Exploits (1)

exploitdb WRITEUP

by Martin Wundram · textwebappsphp

https://www.exploit-db.com/exploits/30396

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55989

Various Sources x_refsource_misc

http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a

Various Sources x_refsource_misc

http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2013/Dec/80

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/100999

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/30396

Scores

EPSS 0.0381

EPSS Percentile 88.1%

Details

CWE

CWE-352

Status published

Products (2)

cru-inc/ditto_forensic_fieldstation

cru-inc/ditto_forensic_fieldstation_firmware < 2013oct15a

Published Dec 17, 2013

Tracked Since Feb 18, 2026