Vulnerability Details CVE-2018-15723
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.085
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-15723
-
cpe:2.3:h:logitech:harmony_hub:-
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.10.30
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.11.6
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.12.36
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.13.100
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.110
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.14.123
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.105
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.119
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.193
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.201
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.15.96
-
cpe:2.3:o:logitech:harmony_hub_firmware:4.9.40