Description
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands (e.g. harmony.system?systeminfo).
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.15.206 (excluding)
In combination
cpe:2.3:o:logitech:harmony_hub_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:logitech:harmony_hub:-:*:*:*:*:*:*:*
EPSS: 0.07318 (Low)
Percentile: 91%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-346
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands (e.g. harmony.system?systeminfo).