本页列出影响 logitech harmony_hub_firmware 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2018-15723 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). | [email protected] | 9.8 | 3.70% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15722 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. | [email protected] | 8.1 | 1.64% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15721 | The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. | [email protected] | 9.8 | 1.82% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15720 | Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | [email protected] | 9.8 | 1.49% | 2018-12-20 | 2026-06-16 |