CVE-2018-6908 - OpenCVE

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Rainmachine	Mini-8 Touch Hd 12 Firmware Mini-8 Firmware Touch Hd 12

Configuration 1 [-]

AND

cpe:2.3:o:rainmachine:mini-8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rainmachine:mini-8:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rainmachine:touch_hd_12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rainmachine:touch_hd_12:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-11-01T17:00:00

Updated: 2018-11-01T16:57:01

Reserved: 2018-02-11T00:00:00

Link: CVE-2018-6908

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-11-01T17:29:01.047

Modified: 2019-02-22T17:23:02.053

Link: CVE-2018-6908

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-01T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6908", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger", "refsource": "MISC", "url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6908", "datePublished": "2018-11-01T17:00:00", "dateReserved": "2018-02-11T00:00:00", "dateUpdated": "2018-11-01T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rainmachine:mini-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FA2D3D-D1F5-426D-BA92-6B10DAD4659A", "versionEndIncluding": "4.0.975", "versionStartIncluding": "4.0.539", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rainmachine:mini-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "77C018AE-0D75-409A-86AF-9E2654035F55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rainmachine:touch_hd_12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0282394-AD4B-4148-A0E5-B7337B4E7385", "versionEndIncluding": "4.0.974", "versionStartIncluding": "4.0.539", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rainmachine:touch_hd_12:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DB35716-EB3D-48A0-B0FE-C5E57DE78A93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Green Electronics RainMachine Mini-8 (2\u00aa generaci\u00f3n) y la aplicaci\u00f3n web Touch HD 12 permite que un atacante no autenticado realice acciones autenticadas en el dispositivo mediante un valor 127.0.0.1:port en la cabecera HTTP \"Host\", tal y como queda demostrado con la recuperaci\u00f3n de credenciales."}], "id": "CVE-2018-6908", "lastModified": "2019-02-22T17:23:02.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-01T17:29:01.047", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}