Vulnerabilities > Amazon > Blink XT2 Sync Module Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-3988 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
low complexity
amazon CWE-78
8.8
8.8
2019-12-11 CVE-2019-3987 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
low complexity
amazon CWE-78
8.8
8.8
2019-12-11 CVE-2019-3986 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
low complexity
amazon CWE-78
8.8
8.8
2019-12-11 CVE-2019-3985 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
low complexity
amazon CWE-78
8.8
8.8