Search criteria
2 vulnerabilities found for Blink XT2 Sync Module firmware by Amazon
CVE-2019-3984 (GCVE-0-2019-3984)
Vulnerability from cvelistv5 – Published: 2019-12-31 17:45 – Updated: 2024-08-04 19:26
VLAI?
Summary
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
Severity ?
No CVSS data available.
CWE
- Arbitrary Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Amazon | Blink XT2 Sync Module firmware |
Affected:
prior to 2.13.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blink XT2 Sync Module firmware",
"vendor": "Amazon",
"versions": [
{
"status": "affected",
"version": "prior to 2.13.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T17:45:56.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blink XT2 Sync Module firmware",
"version": {
"version_data": [
{
"version_value": "prior to 2.13.11"
}
]
}
}
]
},
"vendor_name": "Amazon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-51",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3984",
"datePublished": "2019-12-31T17:45:56.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3984 (GCVE-0-2019-3984)
Vulnerability from nvd – Published: 2019-12-31 17:45 – Updated: 2024-08-04 19:26
VLAI?
Summary
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
Severity ?
No CVSS data available.
CWE
- Arbitrary Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Amazon | Blink XT2 Sync Module firmware |
Affected:
prior to 2.13.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blink XT2 Sync Module firmware",
"vendor": "Amazon",
"versions": [
{
"status": "affected",
"version": "prior to 2.13.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T17:45:56.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blink XT2 Sync Module firmware",
"version": {
"version_data": [
{
"version_value": "prior to 2.13.11"
}
]
}
}
]
},
"vendor_name": "Amazon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-51",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3984",
"datePublished": "2019-12-31T17:45:56.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}