CVE-2018-6907

2018-11-0117:00:00

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.

References

www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger