CVE-2019-3989

CRITICAL

Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via Network Configuration Retrieval

Title source: llm

Description

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2019-51

Scores

CVSS v3 9.8
EPSS 0.0140
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-78
Status published
Products (1)
amazon/blink_xt2_sync_module_firmware < 2.13.11
Published Dec 11, 2019
Tracked Since Feb 18, 2026