384 matches found
CVE-2018-15722
CVE-2018-15722 affects the Logitech Harmony Hub prior to version 4.15.206, where an OS command injection vulnerability exists via the time update request. A remote attacker can inject shell commands by sending a crafted response to the time synchronization flow, enabling remote unauthenticated co...
CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API...
CVE-2018-15720
Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...
CVE-2018-15721
CVE-2018-15721 affects Logitech Harmony Hub, where the XMPP server before 4.15.206 allows authentication bypass via a crafted XMPP request, enabling remote, unauthenticated access to the device’s local API. Connected sources confirm the vulnerability enables full control of the hub, with attacker...
Logitech Options < 7.10.3 Remote Command Execution Vulnerability - Windows
Logitech Options is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Logitech Keystroke Injection Flaw Went Unaddressed for Months
Computer peripheral giant Logitech has finally issued a patched version of its Logitech Options desktop app, after being taken to task for a months-old security flaw. The bug could have allowed adversaries to launch keystroke injection attacks against Logitech keyboard owners that used the app...
Logitech Options Detection (Windows SMB Login)
SMB login-based detection of Logitech Options. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Logitech SqueezeCenter/Media Server CLI Detection
The script tries to identify services supporting Logitech SqueezeCenter/Media Server CLI interface. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
partner.logitech.com XSS vulnerability
Open Bug Bounty ID: OBB-682027 Description| Value ---|--- Affected Website:| partner.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
alert.logitech.com XSS vulnerability
Open Bug Bounty ID: OBB-682026 Description| Value ---|--- Affected Website:| alert.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidd...
LOGICOOL CONNECTION UTILITY SOFTWARE Untrusted Search Path Vulnerability
LOGICOOL CONNECTION UTILITY SOFTWARE is a suite of software from the Swedish company LOGICOOL for restoring the connection of Logitech devices to non-Unifying wireless receivers. An untrusted search path vulnerability exists in LOGICOOL CONNECTION UTILITY SOFTWARE versions prior to 2.30.9, which...
CVE-2018-0621
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
meeting.logitech.com XSS vulnerability
Open Bug Bounty ID: OBB-635135 Description| Value ---|--- Affected Website:| meeting.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
partner.logitech.com XSS vulnerability
Open Bug Bounty ID: OBB-635134 Description| Value ---|--- Affected Website:| partner.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
blog.logitech.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-627431 Description| Value ---|--- Affected Website:| blog.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Logitech Harmony Hub Detection via HTTP
Binary data 700258.prm...
Logitech Harmony Hub UUID Detection via HTTP
Binary data 700257.prm...
The Logitech smart home management system, the Logitech Harmony Hub vulnerability analysis-vulnerability warning-the black bar safety net
! Recently, fireeye Mandiant Red Team team found that the Logitech smart IOT home management system the Logitech Harmony Hub, the presence of a plurality of available vulnerability, an attacker can exploit these vulnerabilities to bypass system restrictions, through SSH access to the device Syste...
support.logitech.com XSS vulnerability
Open Bug Bounty ID: OBB-615939 Description| Value ---|--- Affected Website:| support.logitech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...