Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logitech vulnerabilities and exploits
(subscribe to this query)
296
VMScore
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.
Logitech Unifying Receiver Firmware -
6 Github repositories
297
VMScore
CVE-2019-13054
The Logitech R500 presentation clicker allows malicious users to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.
Logitech R500 Firmware -
9 Github repositories
296
VMScore
CVE-2019-13055
Certain Logitech Unifying devices allow malicious users to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.
Logitech Unifying Receiver Firmware -
Logitech K360 Firmware -
8 Github repositories
294
VMScore
CVE-2016-10761
Logitech Unifying devices prior to 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
Logitech K400r Firmware -
Logitech K360 Firmware -
Logitech K750 Firmware -
Logitech K830 Firmware -
Logitech Unifying Receiver Firmware 012.001.00019
Logitech Unifying Receiver Firmware 012.003.00025
296
VMScore
CVE-2019-13052
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.
Logitech Unifying Receiver Firmware -
8 Github repositories
739
VMScore
CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install m...
Logitech R700 Laser Presentation Remote Firmware Wd802xm
Logitech R700 Laser Presentation Remote Firmware Wd904xm
668
VMScore
CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
Logitech Harmony Hub Firmware
668
VMScore
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Logitech Harmony Hub Firmware
828
VMScore
CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
Logitech Harmony Hub Firmware
668
VMScore
CVE-2018-15723
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
Logitech Harmony Hub Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »