CVE-2018-15723

Summary

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

Affected Software

VendorProductVersion RangeStatus
LogitechLogitech Harmony HubFirmware before 4.15.206affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

ADP Enrichment

CVE Program Container

Additional References

References