CVE-2018-6012

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt