PT-2018-13171 · Logitech · Logitech Harmony Hub

Published

2018-12-20

Updated

2019-10-09

CVE-2018-15721

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Logitech Harmony Hub versions prior to 4.15.206

Description The issue concerns an authentication bypass vulnerability in the XMPP server of the Logitech Harmony Hub. This vulnerability can be exploited by remote attackers using a crafted XMPP request to gain unauthorized access to the local API.

Recommendations For versions prior to 4.15.206, update to version 4.15.206 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-15721

Affected Products

Logitech Harmony Hub

PT-2018-13171 · Logitech · Logitech Harmony Hub

CVE-2018-15721

Weakness Enumeration

Related Identifiers

Affected Products

References · 3