3 matches found
CVE-2018-6012
CVE-2018-6012 affects the Green Electronics RainMachine Mini-8 (2nd generation). The vulnerability lies in the Weather Service feature: an attacker can inject arbitrary Python code through the 'Add new weather data source' upload function. This implies potential remote code execution with network...
CVE-2018-6011
The CVE-2018-6011 entry concerns the Green Electronics RainMachine Mini-8 (2nd generation). The TOTP function in the device’s application logic uses the administrator’s password hash to generate a 6-digit temporary passcode, enabling remote or local access. Affected component: the rainmachine-set...
CVE-2018-6908
The CVE-2018-6908 entry affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Applications. The underlying issue is an authentication bypass in the web interface, enabling an unauthenticated attacker to perform authenticated actions by manipulating the HTTP Host header...