The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
[
{
"product": "Logitech Harmony Hub",
"vendor": "Logitech",
"versions": [
{
"status": "affected",
"version": "Firmware before 4.15.206"
}
]
}
]