← Volver a CVEs
CVE-2019-3989
CRITICAL9.8
Descripcion
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/11/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
amazon:blink_xt2_sync_moduleamazon:blink_xt2_sync_module_firmware
Debilidades (CWE)
CWE-78
Referencias
https://www.tenable.com/security/research/tra-2019-51(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2019-51(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.