CVE-2018-15723

CRITICAL

Logitech Harmony Hub < 4.15.206 - Unauthenticated Command Injection via Crafted HTTP Request

Title source: llm

Description

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands (e.g. harmony.system?systeminfo).

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-47

Scores

CVSS v3 9.8
EPSS 0.0370
EPSS Percentile 88.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-346
Status published
Products (1)
logitech/harmony_hub_firmware < 4.15.206
Published Dec 20, 2018
Tracked Since Feb 18, 2026