CVE-2013-6883

CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Cross-Site Request Forgery

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6883. PoCs published by Martin Wundram.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Description

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
by Martin Wundram · text · webapps · php
https://www.exploit-db.com/exploits/30396

Classification: Writeup 100%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Ditto Forensic FieldStation <= 2013Oct15a
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 18, 2026

References (7)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55989
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/80
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/100999
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30396

Scores

EPSS 0.0251
EPSS Percentile 82.8%

Details

CWE CWE-352
Status published
Products (2)
cru-inc/ditto_forensic_fieldstation
cru-inc/ditto_forensic_fieldstation_firmware < 2013oct15a
Published Dec 17, 2013
Tracked Since Feb 18, 2026