Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logitech vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2016-10761
Logitech Unifying devices prior to 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
Logitech K400r Firmware -
Logitech K360 Firmware -
Logitech K750 Firmware -
Logitech K830 Firmware -
Logitech Unifying Receiver Firmware 012.001.00019
Logitech Unifying Receiver Firmware 012.003.00025
4.3
CVSSv2
CVE-2017-15687
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
Logitech Media Server 7.7.6
Logitech Media Server 7.9.0
Logitech Media Server 7.9.1
Logitech Media Server 7.7.2
Logitech Media Server 7.7.5
Logitech Media Server 7.7.1
Logitech Media Server 7.7.3
1 EDB exploit
7.5
CVSSv2
CVE-2001-0737
A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote malicious user to hijack connections via a man-in-the-middle attack.
Logitech Cordless Freedom
Logitech Cordless Itouch Keyboard
Logitech Cordless Freedom Navigator
Logitech Cordless Freedom Pro
3.3
CVSSv2
CVE-2019-13055
Certain Logitech Unifying devices allow malicious users to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.
Logitech Unifying Receiver Firmware -
Logitech K360 Firmware -
8 Github repositories
4.3
CVSSv2
CVE-2021-38547
Logitech Z120 and S120 speakers through 2021-08-09 allow remote malicious users to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to ...
Logitech Z120 Firmware
Logitech S120 Firmware
4.6
CVSSv2
CVE-2002-1722
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
Logitech Cordless Freedom Itouch Keyboard
Logitech Cordless Itouch Keyboard
Logitech Itouch Keyboard
8.3
CVSSv2
CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install m...
Logitech R700 Laser Presentation Remote Firmware Wd802xm
Logitech R700 Laser Presentation Remote Firmware Wd904xm
3.3
CVSSv2
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.
Logitech Unifying Receiver Firmware -
6 Github repositories
3.3
CVSSv2
CVE-2019-13054
The Logitech R500 presentation clicker allows malicious users to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.
Logitech R500 Firmware -
9 Github repositories
7.5
CVSSv2
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Logitech Harmony Hub Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »