CVE-2019-3988

HIGH

Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via BSSID Parameter

Title source: llm

Description

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device because input supplied in the bssid parameter is improperly sanitized when the device's Wi-Fi configuration is set.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2019-51

Scores

CVSS v3 8.8
EPSS 0.0073
EPSS Percentile 72.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
amazon/blink_xt2_sync_module_firmware < 2.13.11
Published Dec 11, 2019
Tracked Since Feb 18, 2026