CVE-2019-3987: OS Command Injection
First published: Wed Dec 11 2019(Updated: )
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amazon Blink Xt2 Sync Module Firmware | <2.13.11 | |
| Amazon Blink Xt2 Sync Module |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3987?
CVE-2019-3987 is a vulnerability in the Blink XT2 Sync Module firmware that allows remote attackers to execute arbitrary commands on the device.
What is the severity of CVE-2019-3987?
The severity of CVE-2019-3987 is high with a CVSS score of 8.8.
How does CVE-2019-3987 work?
CVE-2019-3987 works by taking advantage of improperly sanitized input when configuring the device's WiFi configuration via the key parameter, allowing remote attackers to execute arbitrary commands.
Which software versions are affected by CVE-2019-3987?
Blink XT2 Sync Module firmware versions prior to 2.13.11 are affected by CVE-2019-3987.
Is Amazon Blink Xt2 Sync Module vulnerable to CVE-2019-3987?
No, the Amazon Blink Xt2 Sync Module itself is not vulnerable to CVE-2019-3987.
How can I fix CVE-2019-3987?
To fix CVE-2019-3987, it is recommended to update the Blink XT2 Sync Module firmware to version 2.13.11 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/amazon
- canonical/amazon blink xt2 sync module firmware
- canonical/amazon blink xt2 sync module