Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Logitech Subscribe
Filtered by product Harmony Hub
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15723 1 Logitech 2 Harmony Hub, Harmony Hub Firmware 2019-10-09 7.5 HIGH 9.8 CRITICAL
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
CVE-2018-15720 1 Logitech 2 Harmony Hub, Harmony Hub Firmware 2019-10-09 7.5 HIGH 9.8 CRITICAL
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
CVE-2018-15721 1 Logitech 2 Harmony Hub, Harmony Hub Firmware 2019-10-09 7.5 HIGH 9.8 CRITICAL
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
CVE-2018-15722 1 Logitech 2 Harmony Hub, Harmony Hub Firmware 2019-10-09 9.3 HIGH 8.1 HIGH
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.