Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by rainmachine
VAR-201811-0914
Vulnerability from variot - Updated: 2023-12-18 13:56A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0914",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web application",
"scope": "eq",
"trust": 1.0,
"vendor": "rainmachine",
"version": null
},
{
"model": "rainmachine web app",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics touch hd web application",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rainmachine:rainmachine_web_application:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6907"
}
]
},
"cve": "CVE-2018-6907",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6907",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-28252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6907",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6907",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-28252",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-015",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "CNVD",
"id": "CNVD-2019-28252"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6907",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"id": "VAR-201811-0914",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
}
],
"trust": 1.5499999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
}
]
},
"last_update_date": "2023-12-18T13:56:50.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TopPage",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6907"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6907"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"date": "2018-11-01T17:29:01",
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014551"
},
{
"date": "2019-02-15T17:51:58.947000",
"db": "NVD",
"id": "CVE-2018-6907"
},
{
"date": "2019-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28252"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-015"
}
],
"trust": 0.6
}
}
VAR-201811-0915
Vulnerability from variot - Updated: 2023-12-18 13:52An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are products of American C Company. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0915",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "touch hd 12",
"scope": "lte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.974"
},
{
"model": "mini-8",
"scope": "lte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.975"
},
{
"model": "touch hd 12",
"scope": "gte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.539"
},
{
"model": "mini-8",
"scope": "gte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.539"
},
{
"model": "mini 8",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "touch hd 12",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics touch hd web application",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rainmachine:mini-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.975",
"versionStartIncluding": "4.0.539",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rainmachine:mini-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rainmachine:touch_hd_12_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.974",
"versionStartIncluding": "4.0.539",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rainmachine:touch_hd_12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6908"
}
]
},
"cve": "CVE-2018-6908",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6908",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-28247",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6908",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6908",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-28247",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-016",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP \u0027Host\u0027 header, as demonstrated by retrieving credentials. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are products of American C Company. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "CNVD",
"id": "CNVD-2019-28247"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6908",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28247",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-016",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"id": "VAR-201811-0915",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
}
],
"trust": 1.4416666666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
}
]
},
"last_update_date": "2023-12-18T13:52:30.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6908"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6908"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"date": "2018-11-01T17:29:01.047000",
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28247"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014636"
},
{
"date": "2019-02-22T17:23:02.053000",
"db": "NVD",
"id": "CVE-2018-6908"
},
{
"date": "2019-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 and Touch HD 12 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014636"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-016"
}
],
"trust": 0.6
}
}
VAR-201811-0916
Vulnerability from variot - Updated: 2023-12-18 12:43A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains an input validation vulnerability.Information may be tampered with. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application. An attacker could exploit this vulnerability to implement a clickjacking attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0916",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web application",
"scope": "eq",
"trust": 1.0,
"vendor": "rainmachine",
"version": null
},
{
"model": "rainmachine web app",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics touch hd web application",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rainmachine:rainmachine_web_application:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6909"
}
]
},
"cve": "CVE-2018-6909",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6909",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-28248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6909",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6909",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-28248",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-017",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains an input validation vulnerability.Information may be tampered with. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application. An attacker could exploit this vulnerability to implement a clickjacking attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "CNVD",
"id": "CNVD-2019-28248"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6909",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28248",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-017",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"id": "VAR-201811-0916",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
}
],
"trust": 1.5499999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
}
]
},
"last_update_date": "2023-12-18T12:43:45.088000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6909"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6909"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"date": "2018-11-01T17:29:01.063000",
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28248"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014583"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-6909"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 and Touch HD 12 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-017"
}
],
"trust": 0.6
}
}
VAR-201811-0828
Vulnerability from variot - Updated: 2023-12-18 12:36The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Green Electronics RainMachine Mini-8 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mini-8",
"scope": "lte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.975"
},
{
"model": "mini-8",
"scope": "gte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.539"
},
{
"model": "mini 8",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini-8 no",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rainmachine:mini-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.975",
"versionStartIncluding": "4.0.539",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rainmachine:mini-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6012"
}
]
},
"cve": "CVE-2018-6012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6012",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-28250",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6012",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6012",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-28250",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-013",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The \u0027Weather Service\u0027 feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the \u0027Add new weather data source\u0027 upload function. Green Electronics RainMachine Mini-8 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "CNVD",
"id": "CNVD-2019-28250"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6012",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28250",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"id": "VAR-201811-0828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
}
]
},
"last_update_date": "2023-12-18T12:36:26.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6012"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6012"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"date": "2018-11-01T17:29:00.937000",
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28250"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"date": "2019-02-22T17:07:46.397000",
"db": "NVD",
"id": "CVE-2018-6012"
},
{
"date": "2019-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 Code injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014635"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-013"
}
],
"trust": 0.6
}
}
VAR-201811-0827
Vulnerability from variot - Updated: 2023-12-18 12:00The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. Green Electronics RainMachine Mini-8 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA. No detailed details of the vulnerability are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0827",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mini-8",
"scope": "lte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.975"
},
{
"model": "mini-8",
"scope": "gte",
"trust": 1.0,
"vendor": "rainmachine",
"version": "4.0.539"
},
{
"model": "mini 8",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini-8 no",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rainmachine:mini-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.975",
"versionStartIncluding": "4.0.539",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rainmachine:mini-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6011"
}
]
},
"cve": "CVE-2018-6011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6011",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-28249",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6011",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6011",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-28249",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-012",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator\u0027s password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a \"Use of Password Hash Instead of Password for Authentication\" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. Green Electronics RainMachine Mini-8 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA. No detailed details of the vulnerability are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "CNVD",
"id": "CNVD-2019-28249"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6011",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28249",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-012",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"id": "VAR-201811-0827",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
}
]
},
"last_update_date": "2023-12-18T12:00:52.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6011"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6011"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"date": "2018-11-01T17:29:00.907000",
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28249"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014634"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-6011"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-012"
}
],
"trust": 0.6
}
}
VAR-201811-0913
Vulnerability from variot - Updated: 2023-12-18 12:00A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0913",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web application",
"scope": "eq",
"trust": 1.0,
"vendor": "rainmachine",
"version": null
},
{
"model": "rainmachine web app",
"scope": null,
"trust": 0.8,
"vendor": "green",
"version": null
},
{
"model": "electronics touch hd web application",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
},
{
"model": "electronics rainmachine mini",
"scope": null,
"trust": 0.6,
"vendor": "green",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rainmachine:rainmachine_web_application:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6906"
}
]
},
"cve": "CVE-2018-6906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6906",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-28251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-6906",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6906",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-28251",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-014",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. Green Electronics RainMachine Mini-8 and Touch HD 12 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "CNVD",
"id": "CNVD-2019-28251"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6906",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-28251",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"id": "VAR-201811-0913",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
}
],
"trust": 1.5499999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
}
]
},
"last_update_date": "2023-12-18T12:00:52.656000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TopPage",
"trust": 0.8,
"url": "https://www.rainmachine.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6906"
},
{
"trust": 1.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6906"
},
{
"trust": 0.6,
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"date": "2018-11-01T17:29:00.967000",
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014550"
},
{
"date": "2019-02-15T17:48:00.410000",
"db": "NVD",
"id": "CVE-2018-6906"
},
{
"date": "2019-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-28251"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-014"
}
],
"trust": 0.6
}
}
CVE-2018-6909 (GCVE-0-2018-6909)
Vulnerability from cvelistv5 – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6909",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6906 (GCVE-0-2018-6906)
Vulnerability from cvelistv5 – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6906",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6907 (GCVE-0-2018-6907)
Vulnerability from cvelistv5 – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6907",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6909 (GCVE-0-2018-6909)
Vulnerability from nvd – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6909",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6906 (GCVE-0-2018-6906)
Vulnerability from nvd – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6906",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6907 (GCVE-0-2018-6907)
Vulnerability from nvd – Published: 2018-11-01 17:00 – Updated: 2024-08-05 06:17- n/a
| URL | Tags |
|---|---|
| http://www.irongeek.com/i.php?page=videos/bsidesr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger",
"refsource": "MISC",
"url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6907",
"datePublished": "2018-11-01T17:00:00.000Z",
"dateReserved": "2018-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}