Vulnerability Details CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-15720
-
cpe:2.3:h:logitech:harmony_hub:-
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.10.30
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.11.6
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.12.36
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.13.100
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.110
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.123
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.105
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.119
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.193
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.201
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.96
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.9.40