CVE-2013-6884
Published 2014-01-07
Priority: P2 (67) · Severity: critical · CVSS 2.0 base score: 10
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: yes (see the Exploit-DB reference)
EPSS: 10.27% (95.1st percentile)
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cru-inc | ditto_forensic_fieldstation_firmware | <= 2013jun30a | — |
Detection & IOCs (extracted from sources)
Detections:
- Detect SSH login attempts using the default credential pair username='ditto' / password='ditto' against CRU Ditto FieldStation devices on the network.
- Monitor for SSHd connections originating from or destined to the network port labeled 'source' on CRU Ditto devices, as SSHd binds to this interface, which is intended for hostile/evidence network environments.
- Alert on execution of 'dd if=/dev/zero of=/dev/sda' or similar destructive dd commands on CRU Ditto devices, indicating exploitation of the missing write-block enforcement.
- Detect POST requests to the Ditto web application that change disk erase technique settings, which may indicate CSRF exploitation (CVE-2013-6883) chained with this credential weakness.
Additional findings from the sources:
- The web server lighttpd and the PHP engine run as root on the device, so any web application injection also yields full system access, not just the SSH default-credential path.
- The embedded Linux system mounts its system partition as writable, enabling persistent malware deployment on the device.
- Netcat is present and active on the device alongside SSHd, expanding the attack surface beyond SSH alone.
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
- http://seclists.org/fulldisclosure/2013/Dec/80
- http://secunia.com/advisories/55989
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/
- http://www.exploit-db.com/exploits/30396