Skip to main content

Harmony Hub Firmware

4 CVEs product

Monthly

CVE-2018-15723 CRITICAL POC Act Now

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Hub Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-15722 HIGH This Week

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Harmony Hub Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-15721 CRITICAL POC Act Now

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harmony Hub Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-15720 CRITICAL POC Act Now

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harmony Hub Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Hub Firmware
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Harmony Hub Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harmony Hub Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harmony Hub Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy