EUVD-2018-18650

Malware in sbrugna...

EUVD-2018-17774

Malware in sbrugna...

Unspecified Vulnerability in Green Electronics RainMachine Mini-8

The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the application logic in the Green Electronics RainMachine Mini-8 Generation 2 that stems from a function that generates a 6-digit temporary password using a has...

Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)

The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...

CVE-2018-6907

A Cross Site Request Forgery CSRF vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

CVE-2018-6909

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...

CVE-2018-6908

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...

CVE-2018-6012

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...

Code injection

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...

Authentication flaw

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...

CVE-2018-6907

A Cross Site Request Forgery CSRF vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

CVE-2018-6012

CVE-2018-6012 affects the Green Electronics RainMachine Mini-8 (2nd generation). The vulnerability lies in the Weather Service feature: an attacker can inject arbitrary Python code through the 'Add new weather data source' upload function. This implies potential remote code execution with network...

CVE-2018-6012

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...

CVE-2018-6906

The CVE-2018-6906 entry concerns a persistent Cross-Site Scripting (XSS) vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. According to the sources, an attacker can inject arbitrary JavaScript through the REST API, enabling an XSS exposure tha...

CVE-2018-6909

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...

CVE-2018-6907

The CVE-2018-6907 entry describes a CSRF vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application that could allow an attacker to control the RainMachine device via its REST API. Documents consistently identify the affected components as the RainMachi...

CVE-2018-6906

A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

CVE-2018-6011

The time-based one-time-password TOTP function in the application logic of the Green Electronics RainMachine Mini-8 2nd generation uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of...

CVE-2018-6908

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...

CVE-2018-6908

The CVE-2018-6908 entry affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Applications. The underlying issue is an authentication bypass in the web interface, enabling an unauthenticated attacker to perform authenticated actions by manipulating the HTTP Host header...