CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections...

Command injection

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

Input validation

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 is affected by a vulnerability due to insufficient UART protections, allowing remote attackers to execute arbitrary code and commands on the device. The issue is documented as CVE-2019-3983 with the affected product being the Blink XT2 Sync Module a...

CVE-2019-3985

CVE-2019-3985 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The flaw arises from improperly sanitized input in the Wi‑Fi configuration flow when handling the SSID parameter, enabling remote attackers to execute arbitrary commands on the device. Public sources (including NVD and Red...

CVE-2019-3986

CVE-2019-3986 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The root cause is improper sanitization of input when configuring Wi‑Fi settings via the encryption parameter, enabling a remote attacker to execute arbitrary commands on the device. Mitigation noted in connected records i...

CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter...

CVE-2019-3988

CVE-2019-3988 affects the Blink XT2 Sync Module firmware prior to 2.13.11. It is an OS command injection vulnerability caused by improper sanitization of the bssid parameter during Wi‑Fi configuration, enabling remote command execution on the device. Public details from multiple sources confirm t...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...

CVE-2019-3989

The Blink XT2 Sync Module firmware (pre-2.13.11) is affected by CVE-2019-3989, a remote OS command injection due to improper sanitization of internal network data. The vulnerability arises when the device constructs and executes OS commands from external input (notably via get_network()/get_netwo...

Siemens SIPLUS SYNC-MODULE Detection

Binary data 750298.prm...

Immedia Semiconductor BlinkForHome Sync Module Denial of Service Vulnerability

Immedia Semiconductor BlinkForHome Sync Module is a synchronization module for use in home security camera systems from Immedia Semiconductor. A denial of service vulnerability exists in Immedia Semiconductor BlinkForHome Sync Module version 2.10.4 and prior versions, which can be exploited by an...

CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

CVE-2018-20161

A design flaw in the BlinkForHome aka Blink For Home Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips triggered by the motion sensor are not saved if the attacker's traffic such as Dot11Deauth successfully disconnects the Sync Module from the...

CVE-2018-20161

CVE-2018-20161 concerns the BlinkForHome Sync Module (2.10.4 and earlier). The vulnerability is a design flaw that allows an attacker to disable cameras via Wi‑Fi because incident clips tied to motion-sensor events aren’t saved if the attacker’s traffic (e.g., Dot11Deauth) disconnects the Sync Mo...