PT-2018-17815 · Green Electronics · Rainmachine Mini-8+1

Sam Granger

Published

2018-11-01

Updated

2019-02-15

CVE-2018-6907

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 (affected versions not specified)

Description A Cross Site Request Forgery (CSRF) issue in the web application of the affected devices allows an attacker to control the device via the REST API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-6907

Affected Products

Rainmachine Mini-8

Touch Hd 12

PT-2018-17815 · Green Electronics · Rainmachine Mini-8+1

CVE-2018-6907

Weakness Enumeration

Related Identifiers

Affected Products

References · 2