CVE-2018-15723

CRITICAL

Logitech Harmony Hub Firmware < 4.15.206 - Origin Validation Error

Title source: rule

Description

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2018-47

Scores

CVSS v3 9.8

EPSS 0.0732

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status published

Affected Products (1)

logitech/harmony_hub_firmware < 4.15.206

Timeline

Published Dec 20, 2018

Tracked Since Feb 18, 2026