CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

logitech

harmony_hub_firmware

4 known vulnerabilities · sorted by CVSS score

CVE-2018-15723

CRITICAL9.8

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

logitech / harmony_hub_firmware

Network

Published Dec 20, 2018

CVE-2018-15720

CRITICAL9.8

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.

logitech / harmony_hub_firmware

Network

Published Dec 20, 2018

CVE-2018-15721

CRITICAL9.8

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.

logitech / harmony_hub_firmware

Network

Published Dec 20, 2018

CVE-2018-15722

HIGH8.1

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.

logitech / harmony_hub_firmware

Network

Published Dec 20, 2018