CVE-2019-3985high
Description
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
References
Details
Source: MITRE
Published: 2019-12-11
Updated: 2019-12-13
Type: CWE-78
Risk Information
CVSS v2
Base Score: 8.3
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 6.5
Severity: HIGH
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH