CVE-2019-3983

MEDIUM

Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via UART

Title source: llm
STIX 2.1

Description

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2019-51

Scores

CVSS v3 6.8
EPSS 0.0171
EPSS Percentile 82.6%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
amazon/blink_xt2_sync_module_firmware < 2.13.11
Published Dec 11, 2019
Tracked Since Feb 18, 2026