PT-2018-13173 · Logitech · Logitech Harmony Hub
Published: 2018-12-20 · Updated: 2019-10-09 · CVE-2018-15723
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Logitech Harmony Hub versions prior to 4.15.206
Description
The issue allows an unauthenticated remote attacker to execute application-defined commands via crafted HTTP requests, potentially leveraging the "harmony.system?systeminfo" endpoint.
Recommendations
For versions prior to 4.15.206, update to version 4.15.206 or later to resolve the issue. As a temporary workaround, consider restricting access to the Harmony Hub to minimize the risk of exploitation.
Exploit
Fix
Origin Validation Error
Weakness Enumeration
Related Identifiers
Affected Products
Logitech Harmony Hub