Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logitech vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2016-10761
Logitech Unifying devices prior to 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
Logitech K400r Firmware -
Logitech K360 Firmware -
Logitech K750 Firmware -
Logitech K830 Firmware -
Logitech Unifying Receiver Firmware 012.001.00019
Logitech Unifying Receiver Firmware 012.003.00025
6.1
CVSSv3
CVE-2017-15687
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
Logitech Media Server 7.7.6
Logitech Media Server 7.9.0
Logitech Media Server 7.9.1
Logitech Media Server 7.7.2
Logitech Media Server 7.7.5
Logitech Media Server 7.7.1
Logitech Media Server 7.7.3
1 EDB exploit
NA
CVE-2001-0737
A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote malicious user to hijack connections via a man-in-the-middle attack.
Logitech Cordless Freedom
Logitech Cordless Itouch Keyboard
Logitech Cordless Freedom Navigator
Logitech Cordless Freedom Pro
5.9
CVSSv3
CVE-2021-38547
Logitech Z120 and S120 speakers through 2021-08-09 allow remote malicious users to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to ...
Logitech Z120 Firmware
Logitech S120 Firmware
6.5
CVSSv3
CVE-2019-13055
Certain Logitech Unifying devices allow malicious users to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.
Logitech Unifying Receiver Firmware -
Logitech K360 Firmware -
8 Github repositories
NA
CVE-2002-1722
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
Logitech Cordless Freedom Itouch Keyboard
Logitech Cordless Itouch Keyboard
Logitech Itouch Keyboard
8.8
CVSSv3
CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install m...
Logitech R700 Laser Presentation Remote Firmware Wd802xm
Logitech R700 Laser Presentation Remote Firmware Wd904xm
7
CVSSv3
CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows before 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user.
Logitech Sync
8.8
CVSSv3
CVE-2022-0916
An issue exists in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Logitech Options
6.5
CVSSv3
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.
Logitech Unifying Receiver Firmware -
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »