CVE-2022-0915 – Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. • https://prosupport.logi.com/hc/en-us/articles/360040085114-Download-Logitech-Sync • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2021-38547
https://notcve.org/view.php?id=CVE-2021-38547
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them. • https://www.nassiben.com/glowworm-attack •
CVE-2021-20641
https://notcve.org/view.php?id=CVE-2021-20641
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. • https://jvn.jp/en/jp/JVN96783542/index.html https://www.elecom.co.jp/news/security/20210126-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-20642
https://notcve.org/view.php?id=CVE-2021-20642
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. • https://jvn.jp/en/jp/JVN96783542/index.html https://www.elecom.co.jp/news/security/20210126-01 •
CVE-2021-20640
https://notcve.org/view.php?id=CVE-2021-20640
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. • https://jvn.jp/en/jp/JVN96783542/index.html https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E https://www.elecom.co.jp/news/security/20210126-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •