Amazon-owned Blink XT2 security camera systems have multiple high-severity vulnerabilities. Amazon has rolled out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later. The most serious vulnerability is a command injection flaw stemming from the sync module update (CVE-2019-3984), which exists in Blink s cloud communication endpoints for providing updates to devices or obtaining network information. The flaws could enable attackers without access to the devices to view camera footage, listen to audio output and hijack the device for use in a botnet.
Source: https://threatpost.com/amazon-blink-smart-camera-flaws/150962/