Lucene search
K

32 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7592

Malware in sbrugna...

9.3CVSS8.2AI score0.01643EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7590

Malware in sbrugna...

9.8CVSS9.5AI score0.01495EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7591

Malware in sbrugna...

9.8CVSS9.5AI score0.01825EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7593

Malware in sbrugna...

9.8CVSS9.5AI score0.03699EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2019/03/05 5:2 a.m.108 views

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained

SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...

9.3CVSS9.6AI score0.03699EPSS
Exploits3References12
CNVD
CNVD
added 2018/12/21 12:0 a.m.5 views

Logitech Harmony Hub Command Injection Vulnerability

Logitech Harmony Hub is a remote control device from Logitech USA. A command injection vulnerability exists in Logitech Harmony Hub versions prior to 4.15.206, which can be exploited by a remote attacker to execute application-defined commands e.g., harmony.system?systeminfo by sending a speciall...

9.8CVSS8AI score0.03699EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/21 12:0 a.m.3 views

Logitech Harmony Hub OS Command Injection Vulnerability

Logitech Harmony Hub is a remote control device from Logitech USA. An operating system command injection vulnerability exists in Logitech Harmony Hub versions prior to 4.15.206, which can be exploited by an attacker to inject operating system commands by sending a time update request...

9.3CVSS7.8AI score0.01643EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 9:29 p.m.3 views

CVE-2018-15722

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

8.1CVSS5.8AI score0.01643EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 9:29 p.m.3 views

CVE-2018-15720

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

9.8CVSS5.8AI score0.01495EPSS
Exploits1References1
Prion
Prion
added 2018/12/20 9:29 p.m.11 views

Hardcoded credentials

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

7.5CVSS9.1AI score0.01495EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/20 9:29 p.m.14 views

CVE-2018-15720

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

9.8CVSS9.2AI score0.01495EPSS
Exploits1References1
NVD
NVD
added 2018/12/20 9:29 p.m.12 views

CVE-2018-15723

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands e.g. harmony.system?systeminfo...

9.8CVSS10AI score0.03699EPSS
Exploits1References1
NVD
NVD
added 2018/12/20 9:29 p.m.22 views

CVE-2018-15721

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...

9.8CVSS9.4AI score0.01825EPSS
Exploits1References1
Prion
Prion
added 2018/12/20 9:29 p.m.19 views

Authentication flaw

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...

7.5CVSS9.3AI score0.01825EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/20 9:29 p.m.15 views

CVE-2018-15722

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

9.3CVSS8.4AI score0.01643EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 9:29 p.m.4 views

CVE-2018-15721

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...

9.8CVSS5.8AI score0.01825EPSS
Exploits1References1
Prion
Prion
added 2018/12/20 9:29 p.m.16 views

Command injection

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

9.3CVSS8.3AI score0.01643EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/12/20 9:29 p.m.12 views

Command injection

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands e.g. harmony.system?systeminfo...

7.5CVSS9.8AI score0.03699EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/20 9:29 p.m.3 views

CVE-2018-15723

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands e.g. harmony.system?systeminfo...

9.8CVSS5.9AI score0.03699EPSS
Exploits1References1
CVE
CVE
added 2018/12/20 9:0 p.m.42 views

CVE-2018-15720

Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...

9.8CVSS9AI score0.01495EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder