4 matches found
CVE-2018-15721
CVE-2018-15721 affects Logitech Harmony Hub, where the XMPP server before 4.15.206 allows authentication bypass via a crafted XMPP request, enabling remote, unauthenticated access to the device’s local API. Connected sources confirm the vulnerability enables full control of the hub, with attacker...
CVE-2018-15720
Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...
CVE-2018-15722
CVE-2018-15722 affects the Logitech Harmony Hub prior to version 4.15.206, where an OS command injection vulnerability exists via the time update request. A remote attacker can inject shell commands by sending a crafted response to the time synchronization flow, enabling remote unauthenticated co...
CVE-2018-15723
The Logitech Harmony Hub is affected by CVE-2018-15723, with the vulnerability present in versions prior to 4.15.206. It is an application‑level command injection vulnerability exploitable via a crafted HTTP request, allowing an unauthenticated remote attacker to execute application defined comma...