CVE-2013-6881

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
Configurations

Configuration 1

AND
cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

Type | Values Removed | Values Added
References | () http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html - Exploit | () http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html - Exploit
References | () http://seclists.org/fulldisclosure/2013/Dec/80 - Exploit | () http://seclists.org/fulldisclosure/2013/Dec/80 - Exploit
References | () http://secunia.com/advisories/55989 - Vendor Advisory | () http://secunia.com/advisories/55989 - Vendor Advisory
References | () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/ - Vendor Advisory | () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a/ - Vendor Advisory
References | () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/ - Vendor Advisory | () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a/ - Vendor Advisory
References | () http://www.exploit-db.com/exploits/30396 - Exploit | () http://www.exploit-db.com/exploits/30396 - Exploit

Information

Published : 2014-01-07 17:04

Updated : 2024-11-21 01:59


NVD link : CVE-2013-6881

Mitre link : CVE-2013-6881

CVE.ORG link : CVE-2013-6881



Products Affected

cru-inc

  • ditto_forensic_fieldstation_firmware
  • ditto_forensic_fieldstation
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')