Amazon Blink Xt2 Sync Module Firmware vulnerabilities
7 known vulnerabilities affecting amazon/blink_xt2_sync_module_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-3989P2CRITICALCVSS 9.8fixed in 2.13.112019-12-11
CVE-2019-3989 [CRITICAL] CWE-78 CVE-2019-3989: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
nvd
CVE-2019-3984P2CRITICALCVSS 9.8fixed in 2.3.11vprior to 2.13.112019-12-31
CVE-2019-3984 [CRITICAL] CWE-78 CVE-2019-3984: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
nvd
CVE-2019-3987P3HIGHCVSS 8.8fixed in 2.13.112019-12-11
CVE-2019-3987 [HIGH] CWE-78 CVE-2019-3987: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
nvd
CVE-2019-3988P3HIGHCVSS 8.8fixed in 2.13.112019-12-11
CVE-2019-3988 [HIGH] CWE-78 CVE-2019-3988: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
nvd
CVE-2019-3985P3HIGHCVSS 8.8fixed in 2.13.112019-12-11
CVE-2019-3985 [HIGH] CWE-78 CVE-2019-3985: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
nvd
CVE-2019-3986P3HIGHCVSS 8.8fixed in 2.13.112019-12-11
CVE-2019-3986 [HIGH] CWE-78 CVE-2019-3986: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary command
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
nvd
CVE-2019-3983P4MEDIUMCVSS 6.8fixed in 2.13.112019-12-11
CVE-2019-3983 [MEDIUM] CWE-798 CVE-2019-3983: Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code an
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.
nvd