CVE-2018-15722

EPSS 1.6%CWE-78

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.

Affected products

Logitech · Logitech Harmony Hub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tenable.com/security/research/tra-2018-47