Vulnerabilities > Logitech > Harmony HUB Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-15720 | Use of Hard-coded Credentials vulnerability in Logitech Harmony HUB Firmware Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | 9.8 |
| 2018-12-20 | CVE-2018-15721 | Improper Authentication vulnerability in Logitech Harmony HUB Firmware The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. | 9.8 |
| 2018-12-20 | CVE-2018-15723 | Unspecified vulnerability in Logitech Harmony HUB Firmware The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. | 9.8 |