Vulnerabilities > Amazon > Blink XT2 Sync Module Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2019-3984 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
network
low complexity
amazon CWE-78
critical
 10.0
10
2019-12-11 CVE-2019-3989 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
network
amazon CWE-78
critical
 9.3
9.3
2019-12-11 CVE-2019-3988 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
low complexity
amazon CWE-78
8.3
8.3
2019-12-11 CVE-2019-3987 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
low complexity
amazon CWE-78
8.3
8.3
2019-12-11 CVE-2019-3986 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
low complexity
amazon CWE-78
8.3
8.3
2019-12-11 CVE-2019-3985 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
low complexity
amazon CWE-78
8.3
8.3
2019-12-11 CVE-2019-3983 Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.
local
low complexity
amazon CWE-798
7.2
7.2