cvedb.io
CVE-2018-6908
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-11-01T17:29:01.047 · Last modified 2026-06-17T02:02:26.480

Summary

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials.

Affected products

rainmachine — mini-8_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when rainmachine ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.