
Logitech

logitech

36 CVEs • 49 products

Products (49)

Media Server
media_server
K360 Firmware
k360_firmware
Options
options
Videocall
videocall
Game Software
game_software
K400r Firmware
k400r_firmware
K750 Firmware
k750_firmware
K830 Firmware
k830_firmware
R500 Firmware
r500_firmware
Z120 Firmware
z120_firmware
S120 Firmware
s120_firmware
Sync
sync
Logi Tune
logi_tune
Logi Options+
logi_options+
Lan W300n/r
lan-w300n/r
Lan W300n/rs
lan-w300n/rs
Lan W300n/ru2
lan-w300n/ru2
Harmony Hub
harmony_hub
K400r
k400r
K360
k360
K750
k750
K830
k830
R500
r500
Lan Wh450n/gr
lan-wh450n/gr
Z120
z120
S120
s120

CVEs (36)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS

Vendors (1): Logitech
Products (1): R700 Laser Presentation Remote Firmware
Updated: Nov 21, 2024
Published: Jun 7, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 8.3 HIGH (v2)
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.

Vendors (1): Logitech
Products (1): Harmony Hub Firmware
Updated: Nov 21, 2024
Published: Dec 20, 2018
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

Vendors (1): Logitech
Products (1): Harmony Hub Firmware
Updated: Nov 21, 2024
Published: Dec 20, 2018
CVSS: N/A (v4), 8.1 HIGH (v3), 9.3 HIGH (v2)
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.

Vendors (1): Logitech
Products (1): Harmony Hub Firmware
Updated: Nov 21, 2024
Published: Dec 20, 2018
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.

Vendors (1): Logitech
Products (1): Harmony Hub Firmware
Updated: Nov 21, 2024
Published: Dec 20, 2018
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.

Vendors (1): Logitech
Products (1): Connection Utility Software
Updated: Nov 21, 2024
Published: Jul 26, 2018
CVSS: N/A (v4), 7.8 HIGH (v3), 6.8 MEDIUM (v2)
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Vendors (1): Logitech
Products (1): Game Software
Updated: Nov 21, 2024
Published: Jul 26, 2018
CVSS: N/A (v4), 7.8 HIGH (v3), 6.8 MEDIUM (v2)
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Vendors (1): Logitech
Products (1): Media Server
Updated: May 13, 2026
Published: Nov 10, 2017
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio stream. Exploitation of this vulnerability can lead to Session hijacking and unauthorized access, Persistent manipulation of web content within the application, and Phishing or malicious redirects to external domains. This vulnerability can be exploited to manipulate media server behavior in enterprise and home network environments.

Vendors (1): Logitech
Products (1): Media Server
Updated: May 13, 2026
Published: Nov 10, 2017
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to Session Hijacking and Credential Theft, Execution of unauthorized actions on behalf of users, and Exfiltration of sensitive data. This vulnerability presents a potential risk for widespread exploitation in connected IoT environments.

Vendors (1): Logitech
Products (1): Media Server
Updated: May 13, 2026
Published: Oct 23, 2017
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.

Vendors (4): Amazonbasics, Dell, Lenovo, +1 more
Products (5): Firmware, Km632 Firmware, Km714 Firmware, +2 more
Updated: May 6, 2026
Published: Aug 2, 2016
CVSS: N/A (v4), 6.5 MEDIUM (v3), 3.3 LOW (v2)
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

Vendors (1): Logitech
Products (1): Lan W300n/ru2 Firmware
Updated: Apr 29, 2026
Published: Jun 4, 2012
CVSS: N/A (v4), N/A (v3), 10.0 HIGH (v2)
Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.

Vendors (2): Backweb, Logitech
Products (2): Backweb, Desktop Manager
Updated: Apr 23, 2026
Published: Jun 12, 2008
CVSS: N/A (v4), N/A (v3), 9.3 HIGH (v2)
Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.

Vendors (1): Logitech
Products (1): Videocall
Updated: Apr 23, 2026
Published: Jun 1, 2007
CVSS: N/A (v4), N/A (v3), 6.8 MEDIUM (v2)
Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.

Vendors (1): Logitech
Products (3): Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard
Updated: Apr 16, 2026
Published: Dec 31, 2002
CVSS: N/A (v4), N/A (v3), 4.6 MEDIUM (v2)
Logitech iTouch keyboards allow attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.

Vendors (1): Logitech
Products (4): Cordless Freedom, Cordless Freedom Navigator, Cordless Freedom Pro, +1 more
Updated: Apr 16, 2026
Published: Oct 18, 2001
CVSS: N/A (v4), N/A (v3), 7.5 HIGH (v2)
A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack.