Martin Wundram

**Name of the Vulnerable Software and Affected Versions** CRU Ditto Forensic FieldStation versions prior to 2013Oct15a **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. **Recommendations** For versions prior to 2013Oct15a, update the firmware to version 2013Oct15a or later to resolve the issue. As a temporary workaround, consider restricting access to the forensic imaging task to minimize the risk of exploitation. Avoid using shell metacharacters in the `sector size` or `skip count` fields until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CRU Ditto Forensic FieldStation versions prior to 2013Oct15a **Description** The issue concerns a default username and password for the `ditto` account in the write-blocker, allowing remote attackers to gain privileges. **Recommendations** For versions prior to 2013Oct15a, change the default `ditto` username and password to secure credentials as soon as possible to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** CRU Ditto Forensic FieldStation versions 2013Oct15a and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `username` parameter in a login. Additionally, remote authenticated users can inject arbitrary web script or HTML via unspecified form fields. **Recommendations** For CRU Ditto Forensic FieldStation versions 2013Oct15a and earlier, update the firmware to a version later than 2013Oct15a to resolve the issue. As a temporary workaround, consider restricting access to the login functionality and unspecified form fields to minimize the risk of exploitation. Avoid using the `username` parameter in the affected login endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CRU Ditto Forensic FieldStation versions prior to 2013Oct15a **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings. **Recommendations** For versions prior to 2013Oct15a, update the firmware to version 2013Oct15a or later to resolve the issue.