CVE-2018-6908

Name of the Vulnerable Software and Affected Versions Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 (affected versions not specified)

Description An authentication bypass issue exists in the web application, allowing an unauthenticated attacker to perform actions that should require authentication. This is achieved by manipulating the Host header in HTTP requests with a 127.0.0.1:port value, enabling the attacker to retrieve sensitive information such as credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.