2 matches found
Logitech Harmony Hub Command Injection Vulnerability
Logitech Harmony Hub is a remote control device from Logitech USA. A command injection vulnerability exists in Logitech Harmony Hub versions prior to 4.15.206, which can be exploited by a remote attacker to execute application-defined commands e.g., harmony.system?systeminfo by sending a speciall...
CVE-2018-15720
Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...