logitech CVE Vulnerabilities & CVE List (36)

Products (CPE): — CVEs: 36

logitech vulnerability overview

Aggregates CVE and security vulnerability intelligence across all logitech-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, vendor risk buffer overflow, and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise.

Vulnerability distribution trend (last 24 months)

Showing 2136 of 36 CVEs
«« First « Prev Page 2 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2019-12506 Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. [email protected] 8.8 1.35% 2019-06-07 2026-06-16
CVE-2018-15723 The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). [email protected] 9.8 3.70% 2018-12-20 2026-06-16
CVE-2018-15722 The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. [email protected] 8.1 1.64% 2018-12-20 2026-06-16
CVE-2018-15721 The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. [email protected] 9.8 1.82% 2018-12-20 2026-06-16
CVE-2018-15720 Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. [email protected] 9.8 1.49% 2018-12-20 2026-06-16
CVE-2018-0621 Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. [email protected] 7.8 0.88% 2018-07-26 2026-06-16
CVE-2018-0620 Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. [email protected] 7.8 0.88% 2018-07-26 2026-06-16
CVE-2017-16568 Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio stream. Exploitation of this vulnerability can lead to Session hijacking and unauthorized access, Persistent manipulation of web content within the application, and Phishing or malicious redirects to exte [email protected] 5.4 1.98% 2017-11-09 2026-06-16
CVE-2017-16567 Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to Session Hijacking and Credential Theft, Execution of unauthorized actions on behalf of users, and Exfiltration of sensitive data. This vulnerability presents a pot [email protected] 5.4 2.24% 2017-11-09 2026-06-16
CVE-2017-15687 DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. [email protected] 6.1 1.45% 2017-10-23 2026-06-16
CVE-2016-6257 The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." [email protected] 6.5 1.03% 2016-08-02 2026-06-16
CVE-2012-1250 Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. [email protected] 10.0 5.87% 2012-06-04 2026-06-16
CVE-2008-0956 Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. [email protected] 9.3 8.39% 2008-06-11 2026-06-16
CVE-2007-2918 Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. [email protected] 6.8 34.06% 2007-05-31 2026-06-16
CVE-2002-1722 Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. [email protected] 4.6 0.37% 2002-12-31 2026-06-16
CVE-2001-0737 A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. [email protected] 7.5 1.70% 2001-10-18 2026-06-16
«« First « Prev Page 2 / 2 Next »
cvelogic Threat Intelligence