CVE-2013-6881

Published: Jan 7, 2014Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

Affected (2)

Products: Cru Inc: Ditto Forensic Fieldstation Firmware, Ditto Forensic Fieldstation

Cru Inc

2 products

Ditto Forensic Fieldstation Firmware

Ditto Forensic Fieldstation

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cru Inc Ditto Forensic Fieldstation Firmware	Up to 2013jun30a
Cru Inc Ditto Forensic Fieldstation	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (12)

http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2013/Dec/80

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/55989

Source: cve@mitre.org

Vendor Advisory

http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/

Source: cve@mitre.org

Vendor Advisory

http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/30396

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html