Vulnerabilities > Logitech

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-8258 Code Injection vulnerability in Logitech Logi Options+
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
local
low complexity
logitech CWE-94
7.8
2024-08-25 CVE-2024-8011 Incorrect Authorization vulnerability in Logitech Options+
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
local
low complexity
logitech CWE-863
5.5
2022-08-19 CVE-2022-36263 Unspecified vulnerability in Logitech Streamlabs Desktop 1.9.0
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe.
local
low complexity
logitech
7.3
2022-05-03 CVE-2022-0916 Cross-Site Request Forgery (CSRF) vulnerability in Logitech Options
An issue was discovered in Logitech Options.
network
low complexity
logitech CWE-352
8.8
2022-04-12 CVE-2022-0915 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Logitech Sync
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574.
local
high complexity
logitech CWE-367
7.0
2021-08-11 CVE-2021-38547 Unspecified vulnerability in Logitech S120 Firmware and Z120 Firmware
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.
network
high complexity
logitech
5.9
2021-02-12 CVE-2021-20642 Unspecified vulnerability in Logitech Lan-W300N/Rs Firmware
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
network
low complexity
logitech
6.5
2021-02-12 CVE-2021-20641 Cross-Site Request Forgery (CSRF) vulnerability in Logitech Lan-W300N/Rs Firmware
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL.
network
low complexity
logitech CWE-352
6.5
2021-02-12 CVE-2021-20640 Classic Buffer Overflow vulnerability in Logitech Lan-W300N/Pgrb Firmware
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
low complexity
logitech CWE-120
6.8
2021-02-12 CVE-2021-20639 OS Command Injection vulnerability in Logitech Lan-W300N/Pgrb Firmware
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
low complexity
logitech CWE-78
6.8