Logitech Harmony Hub Command Injection Vulnerability

Logitech Harmony Hub Command Injection Vulnerability

CVE-2018-15723 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

Learn more about our Web Application Penetration Testing UK.