Amazon: Security Vulnerabilities
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet.
CVSS Score
9.8
EPSS Score
0.038
Published
2019-12-31
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the encryption parameter.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the key parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the bssid parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
CVSS Score
9.8
EPSS Score
0.037
Published
2019-12-11
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
CVSS Score
9.8
EPSS Score
0.033
Published
2019-12-11
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.
CVSS Score
5.9
EPSS Score
0.005
Published
2019-12-06
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-04