Logitech Harmony Hub
Approved changes feed: RSS · Atom
cpe:2.3:h:logitech:harmony_hub:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Logitech (0fc4c79a-24db-5215-9f1c-10d0889a03d8) |
|---|---|
| Product | Harmony Hub (a1914f4a-14bb-5e48-b8e5-be714d9a3b9d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-15723 |
not_vulnerable | 2026-06-03 14:38:14.230805 |
Details available
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
Published: 2018-12-20T21:00:00.000Z
Updated: 2024-09-17T02:10:50.517Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15722 |
not_vulnerable | 2026-06-03 14:38:14.230261 |
Details available
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
Published: 2018-12-20T21:00:00.000Z
Updated: 2024-09-17T02:42:06.972Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15721 |
not_vulnerable | 2026-06-03 14:38:14.229901 |
Details available
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
Published: 2018-12-20T21:00:00.000Z
Updated: 2024-09-17T02:26:25.523Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15720 |
not_vulnerable | 2026-06-03 14:38:14.229344 |
Details available
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Published: 2018-12-20T21:00:00.000Z
Updated: 2024-09-16T20:59:02.021Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.