Aggregates CVE and security vulnerability intelligence across all logitech-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, vendor risk buffer overflow, and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-12506 | Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | [email protected] | 8.8 | 1.35% | 2019-06-07 | 2026-06-16 |
| CVE-2018-15723 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). | [email protected] | 9.8 | 3.70% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15722 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. | [email protected] | 8.1 | 1.64% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15721 | The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. | [email protected] | 9.8 | 1.82% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15720 | Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | [email protected] | 9.8 | 1.49% | 2018-12-20 | 2026-06-16 |
| CVE-2018-0621 | Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | [email protected] | 7.8 | 0.88% | 2018-07-26 | 2026-06-16 |
| CVE-2018-0620 | Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | [email protected] | 7.8 | 0.88% | 2018-07-26 | 2026-06-16 |
| CVE-2017-16568 | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio stream. Exploitation of this vulnerability can lead to Session hijacking and unauthorized access, Persistent manipulation of web content within the application, and Phishing or malicious redirects to exte | [email protected] | 5.4 | 1.98% | 2017-11-09 | 2026-06-16 |
| CVE-2017-16567 | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to Session Hijacking and Credential Theft, Execution of unauthorized actions on behalf of users, and Exfiltration of sensitive data. This vulnerability presents a pot | [email protected] | 5.4 | 2.24% | 2017-11-09 | 2026-06-16 |
| CVE-2017-15687 | DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | [email protected] | 6.1 | 1.45% | 2017-10-23 | 2026-06-16 |
| CVE-2016-6257 | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | [email protected] | 6.5 | 1.03% | 2016-08-02 | 2026-06-16 |
| CVE-2012-1250 | Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. | [email protected] | 10.0 | 5.87% | 2012-06-04 | 2026-06-16 |
| CVE-2008-0956 | Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. | [email protected] | 9.3 | 8.39% | 2008-06-11 | 2026-06-16 |
| CVE-2007-2918 | Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | [email protected] | 6.8 | 34.06% | 2007-05-31 | 2026-06-16 |
| CVE-2002-1722 | Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. | [email protected] | 4.6 | 0.37% | 2002-12-31 | 2026-06-16 |
| CVE-2001-0737 | A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. | [email protected] | 7.5 | 1.70% | 2001-10-18 | 2026-06-16 |