CVE-2013-6884

2014-01-0717:04:51

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.034

Percentile

91.6%

JSON

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default “ditto” username and password, which allows remote attackers to gain privileges.

Affected configurations

Nvd

Node

cru-incditto_forensic_fieldstation_firmwareRange≤2013jun30a

AND

cru-incditto_forensic_fieldstationMatch-

VendorProductVersionCPE
cru-incditto_forensic_fieldstation_firmware*cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*
cru-incditto_forensic_fieldstation-cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cru-inc	ditto_forensic_fieldstation_firmware	*	cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware::::::::
cru-inc	ditto_forensic_fieldstation	-	cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:::::::*