Unspecified Vulnerability in Green Electronics RainMachine Mini-8 and Touch HD 12 Web Applications

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

CVE-2018-6907

A Cross Site Request Forgery CSRF vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

CVE-2018-6908

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...

Cross site scripting

A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

Design/Logic Flaw

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...

Authentication flaw

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...

CVE-2018-6906

The CVE-2018-6906 entry concerns a persistent Cross-Site Scripting (XSS) vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. According to the sources, an attacker can inject arbitrary JavaScript through the REST API, enabling an XSS exposure tha...

CVE-2018-6907

The CVE-2018-6907 entry describes a CSRF vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application that could allow an attacker to control the RainMachine device via its REST API. Documents consistently identify the affected components as the RainMachi...

CVE-2018-6908

The CVE-2018-6908 entry affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Applications. The underlying issue is an authentication bypass in the web interface, enabling an unauthenticated attacker to perform authenticated actions by manipulating the HTTP Host header...