The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2018-47 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2018-12-19T00:00:00
Updated: 2018-12-20T20:57:01
Reserved: 2018-08-22T00:00:00
Link: CVE-2018-15723
JSON object: View
NVD Information
Status : Modified
Published: 2018-12-20T21:29:00.777
Modified: 2019-10-09T23:35:50.563
Link: CVE-2018-15723
JSON object: View
Redhat Information
No data.