CVE-2018-15723

Published: Dec 20, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

Affected (1)

Products: Logitech: Harmony Hub Firmware

1 product

Harmony Hub Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Logitech Harmony Hub Firmware	Before 4.15.206

Running on/with	Platform Versions
Logitech Harmony Hub	All versions

Related CWEs

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://www.tenable.com/security/research/tra-2018-47

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2018-47

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.