Harmony Hub Firmware

harmony_hub_firmware

Vendor: Logitech • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-15723 1Logitech 1Harmony Hub Firmware Nov 21, 2024 Dec 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application de...Show more The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).Show less
CVE-2018-15722 1Logitech 1Harmony Hub Firmware Nov 21, 2024 Dec 20, 2018 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
CVE-2018-15721 1Logitech 1Harmony Hub Firmware Nov 21, 2024 Dec 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
CVE-2018-15720 1Logitech 1Harmony Hub Firmware Nov 21, 2024 Dec 20, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.