Logitech Harmony Hub Firmware vulnerabilities
4 known vulnerabilities affecting logitech/harmony_hub_firmware.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 3, HIGH: 1
Vulnerabilities
CVE-2018-15721 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 4.15.206 | 2018-12-20
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
nvd
CVE-2018-15723 | P2 | CRITICAL | CVSS 9.8 | CWE-346 | fixed in 4.15.206 | 2018-12-20
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands (e.g. harmony.system?systeminfo).
nvd
CVE-2018-15720 | P3 | CRITICAL | CVSS 9.8 | CWE-798 | fixed in 4.15.206 | 2018-12-20
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
nvd
CVE-2018-15722 | P3 | HIGH | CVSS 8.1 | CWE-78 | fixed in 4.15.206 | 2018-12-20
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
nvd