ID

VAR-201812-0058


CVE

CVE-2018-15723


TITLE

Logitech Harmony Hub Command Injection Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // CNNVD: CNNVD-201812-959

DESCRIPTION

The Logitech Harmony Hub before version 4.15.206 is vulnerable to application-level command injection via a crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application-defined commands (e.g. harmony.system?systeminfo). Logitech Harmony Hub is a remote control device from Logitech. A command injection vulnerability exists in versions prior to Logitech Harmony Hub 4.125.06.

Trust: 2.16

sources: NVD: CVE-2018-15723 // JVNDB: JVNDB-2018-014133 // CNVD: CNVD-2018-26802

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-26802

AFFECTED PRODUCTS

vendor: logitech, model: harmony hub, scope: lt, version: 4.15.206

Trust: 2.4

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // NVD: CVE-2018-15723

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15723
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15723
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-26802
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201812-959
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-15723
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-26802
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2018-15723
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // CNNVD: CNNVD-201812-959 // NVD: CVE-2018-15723

PROBLEMTYPE DATA

problemtype: CWE-346

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-77

Trust: 0.8

sources: JVNDB: JVNDB-2018-014133 // NVD: CVE-2018-15723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-959

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014133

PATCH

title: Harmony Hub firmware (v4.15.206), url: https://support.myharmony.com/en-de/release-notes

Trust: 0.8

title: Logitech Harmony Hub command injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/148507

Trust: 0.6

title: Logitech Harmony Hub Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88117

Trust: 0.6

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // CNNVD: CNNVD-201812-959

EXTERNAL IDS

db: NVD, id: CVE-2018-15723

Trust: 3.0

db: TENABLE, id: TRA-2018-47

Trust: 3.0

db: JVNDB, id: JVNDB-2018-014133

Trust: 0.8

db: CNVD, id: CNVD-2018-26802

Trust: 0.6

db: CNNVD, id: CNNVD-201812-959

Trust: 0.6

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // CNNVD: CNNVD-201812-959 // NVD: CVE-2018-15723

REFERENCES

url:https://www.tenable.com/security/research/tra-2018-47

Trust: 3.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15723

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15723

Trust: 0.8

sources: CNVD: CNVD-2018-26802 // JVNDB: JVNDB-2018-014133 // CNNVD: CNNVD-201812-959 // NVD: CVE-2018-15723

SOURCES

db: CNVD, id: CNVD-2018-26802
db: JVNDB, id: JVNDB-2018-014133
db: CNNVD, id: CNNVD-201812-959
db: NVD, id: CVE-2018-15723

LAST UPDATE DATE

2024-11-23T22:06:27.737000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-26802, date: 2018-12-28T00:00:00
db: JVNDB, id: JVNDB-2018-014133, date: 2019-03-12T00:00:00
db: CNNVD, id: CNNVD-201812-959, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15723, date: 2024-11-21T03:51:20.690

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-26802, date: 2018-12-27T00:00:00
db: JVNDB, id: JVNDB-2018-014133, date: 2019-03-12T00:00:00
db: CNNVD, id: CNNVD-201812-959, date: 2018-12-21T00:00:00
db: NVD, id: CVE-2018-15723, date: 2018-12-20T21:29:00.777