Lucene search
K
LogitechHarmony Hub Firmware

4 matches found

CVE
CVE
added 2018/12/20 9:0 p.m.47 views

CVE-2018-15721

CVE-2018-15721 affects Logitech Harmony Hub, where the XMPP server before 4.15.206 allows authentication bypass via a crafted XMPP request, enabling remote, unauthenticated access to the device’s local API. Connected sources confirm the vulnerability enables full control of the hub, with attacker...

9.8CVSS9.2AI score0.01825EPSS
CVE
CVE
added 2018/12/20 9:0 p.m.42 views

CVE-2018-15720

Affected product: Logitech Harmony Hub. Vulnerability: hard-coded XMPP accounts in the hub’s XMPP server allow remote, unauthenticated access to the local API. Root cause: exposed credentials baked into the firmware prior to 4.15.206. Impact: potential remote control of the hub APIs; effect on co...

9.8CVSS9AI score0.01495EPSS
CVE
CVE
added 2018/12/20 9:0 p.m.41 views

CVE-2018-15722

CVE-2018-15722 affects the Logitech Harmony Hub prior to version 4.15.206, where an OS command injection vulnerability exists via the time update request. A remote attacker can inject shell commands by sending a crafted response to the time synchronization flow, enabling remote unauthenticated co...

9.3CVSS8.3AI score0.01643EPSS
CVE
CVE
added 2018/12/20 9:0 p.m.41 views

CVE-2018-15723

The Logitech Harmony Hub is affected by CVE-2018-15723, with the vulnerability present in versions prior to 4.15.206. It is an application‑level command injection vulnerability exploitable via a crafted HTTP request, allowing an unauthenticated remote attacker to execute application defined comma...

9.8CVSS9.9AI score0.03699EPSS