Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Green Electronics RainMachine Mini-8 授权问题漏洞
Vulnerability Description
Green Electronics RainMachine Mini-8是美国Green Electronics公司的一款智能灌溉喷水器。 Green Electronics RainMachine Mini-8(第2代)中的应用程序逻辑存在安全漏洞,该漏洞源于函数使用管理员的密码哈希生成6位数的临时密码。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
CVSS Information
N/A
Vulnerability Type
N/A