CVE-2013-6884

CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Default Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6884. PoCs published by Martin Wundram.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Description

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

Exploits (1)

exploitdb WRITEUP
by Martin Wundram · textwebappsphp
https://www.exploit-db.com/exploits/30396

This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Ditto Forensic FieldStation <= 2013Oct15a
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Scores

EPSS 0.1027
EPSS Percentile 95.1%

Details

CWE
CWE-255
Status published
Products (2)
cru-inc/ditto_forensic_fieldstation
cru-inc/ditto_forensic_fieldstation_firmware < 2013jun30a
Published Jan 07, 2014
Tracked Since Feb 18, 2026