cbcvebase.
CVE-2013-6884
published 2014-01-07

CVE-2013-6884: The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers…

Priority: P2 (67), critical
CVSS 2.0: 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: flagged
EPSS: 10.27% (95.1 percentile)
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

Affected

1 range

Vendor: cru-inc
Product: ditto_forensic_fieldstation_firmware
Version range: <= 2013jun30a
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

  • Detect SSH login attempts using the default credential pair username='ditto' / password='ditto' against CRU Ditto FieldStation devices on the network.
  • Monitor for SSHd connections originating from or destined to the network port labeled 'source' on CRU Ditto devices, as SSHd binds to this interface intended for hostile/evidence network environments.
  • Alert on execution of 'dd if=/dev/zero of=/dev/sda' or similar destructive dd commands on CRU Ditto devices, indicating exploitation of the missing write-block enforcement.
  • Detect POST requests to the Ditto web application that change disk erase technique settings, which may indicate CSRF exploitation (CVE-2013-6883) chained with this credential weakness.
  • The web server lighttpd and PHP engine run as root on the device, meaning any web application injection also yields full system access, not just the SSH default-credential path.
  • The embedded Linux system mounts its system partition as writable, enabling persistent malware deployment on the device.
  • Netcat is present and active on the device alongside SSHd, expanding the attack surface beyond SSH alone.