CVE-2019-3986

HIGH

Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via WiFi Configuration Encryption Parameter

Title source: llm
STIX 2.1

Description

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2019-51

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 67.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
amazon/blink_xt2_sync_module_firmware < 2.13.11
Published Dec 11, 2019
Tracked Since Feb 18, 2026