The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Harmony_hub_firmware | Logitech | * | 4.15.206 (excluding) |