24 matches found
EUVD-2018-7592
Malware in sbrugna...
EUVD-2018-7593
Malware in sbrugna...
EUVD-2018-7590
Malware in sbrugna...
EUVD-2018-7591
Malware in sbrugna...
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...
Logitech Harmony Hub Command Injection Vulnerability
Logitech Harmony Hub is a remote control device from Logitech USA. A command injection vulnerability exists in Logitech Harmony Hub versions prior to 4.15.206, which can be exploited by a remote attacker to execute application-defined commands e.g., harmony.system?systeminfo by sending a speciall...
Logitech Harmony Hub OS Command Injection Vulnerability
Logitech Harmony Hub is a remote control device from Logitech USA. An operating system command injection vulnerability exists in Logitech Harmony Hub versions prior to 4.15.206, which can be exploited by an attacker to inject operating system commands by sending a time update request...
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...
Hardcoded credentials
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...
CVE-2018-15723
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands e.g. harmony.system?systeminfo...
CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...
Authentication flaw
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...
CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...
CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...
Command injection
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...
CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...
CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...
Logitech Harmony Hub UUID Detection via HTTP
Binary data 700257.prm...