4 matches found
CVE-2023-1383
CVE-2023-1383 involves an improper enforcement of a behavioral workflow in the exchangeDeviceServices function of the amzn.dmgr service. Public documents specify affected devices: Amazon Fire TV Stick (3rd gen) before 6.2.9.5 and Insignia TV with FireOS before 7.6.3.3. The vulnerability enables a...
CVE-2019-7399
Vulnerability summary (CVE-2019-7399) : FireOS up to version 5.3.6.3/4 contains a root-cause in the Settings/Terms of Use and Privacy pages where content is loaded without HTTPS. This allows a network-based attacker to perform a man-in-the-middle (MITM) attack to inject malicious content or exfil...
CVE-2023-1384
The CVE-2023-1384 issue affects Amazon Fire TV Stick 3rd-gen devices (pre-6.2.9.5) and Insignia FireOS TVs (pre-7.6.3.3). The root cause is improper sanitization of the source parameter in the setMediaSource function of the amzn.thin.pl service, which can allow arbitrary JavaScript execution. Rem...
CVE-2023-1385
CVE-2023-1385 describes an improper JPAKE implementation that allows offline PIN brute-forcing due to initializing random values to a known value, enabling unauthorized authentication to amzn.lightning services. Affected: Amazon Fire TV Stick 3rd gen before 6.2.9.5 and Insignia TV with FireOS 7.6...