本頁列出影響 logitech harmony_hub_firmware 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2018-15723 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). | [email protected] | 9.8 | 3.70% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15722 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. | [email protected] | 8.1 | 1.64% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15721 | The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. | [email protected] | 9.8 | 1.82% | 2018-12-20 | 2026-06-16 |
| CVE-2018-15720 | Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | [email protected] | 9.8 | 1.49% | 2018-12-20 | 2026-06-16 |