Unspecified Vulnerability in Amazon Blink XT2 Sync Module

Blink XT2 Sync Module is a camera synchronization device. An unspecified vulnerability exists in Amazon Blink XT2 Sync Module, which stems from the program not being adequately UART-protected. An attacker can exploit the vulnerability to execute arbitrary code and commands...

Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09704)

Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...

CVE-2019-3989

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...

CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter...

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...

Command injection

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

Input validation

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 is affected by a vulnerability due to insufficient UART protections, allowing remote attackers to execute arbitrary code and commands on the device. The issue is documented as CVE-2019-3983 with the affected product being the Blink XT2 Sync Module a...

CVE-2019-3985

CVE-2019-3985 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The flaw arises from improperly sanitized input in the Wi‑Fi configuration flow when handling the SSID parameter, enabling remote attackers to execute arbitrary commands on the device. Public sources (including NVD and Red...

CVE-2019-3986

CVE-2019-3986 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The root cause is improper sanitization of input when configuring Wi‑Fi settings via the encryption parameter, enabling a remote attacker to execute arbitrary commands on the device. Mitigation noted in connected records i...

CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter...

CVE-2019-3988

CVE-2019-3988 affects the Blink XT2 Sync Module firmware prior to 2.13.11. It is an OS command injection vulnerability caused by improper sanitization of the bssid parameter during Wi‑Fi configuration, enabling remote command execution on the device. Public details from multiple sources confirm t...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter...

CVE-2019-3989

The Blink XT2 Sync Module firmware (pre-2.13.11) is affected by CVE-2019-3989, a remote OS command injection due to improper sanitization of internal network data. The vulnerability arises when the device constructs and executes OS commands from external input (notably via get_network()/get_netwo...

PT-2019-15901 · Zoho · Zoho Manageengine Applications Manager

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions prior to 13620 Description: The issue allows for remote unauthenticated SQL injection. This is achieved via the eventid parameter to the SyncEventServlet endpoint, specifically targeting the doG...

Amazon's Blink Smart Security Cameras Open to Hijack

Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...

Azure File Sync Agent v9.0 Release – November 2019 (KB4522359)

Update for Azure File Sync agent version 9.0.0.0. For more details, see the associated Microsoft Knowledge Base article...