Vulnerability Details CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
Products affected by CVE-2018-15722
-
cpe:2.3:h:logitech:harmony_hub:-
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.10.30
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.11.6
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.12.36
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.13.100
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.110
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.123
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.105
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.119
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.193
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.201
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.96
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.9.40