Vulnerability Details CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-6012
-
cpe:2.3:h:rainmachine:mini-8:-
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.539
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.558
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.574
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.636
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.700
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.712
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.750
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.844
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.851
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.900
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.925
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.926
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.974
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.975