Fire Os Security Vulnerabilities and Issues — Fire Os CVE List

Lucene search

AmazonFire Os

3 matches found

CVE•added 2023/05/03 12:16 p.m.•48 views

CVE-2023-1383

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS ...

5.4CVSS4.6AI score0.00056EPSS

CVE•added 2023/05/03 1:15 p.m.•30 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS versions prior to 7.6.3.3.

6.1CVSS6.4AI score0.00153EPSS

CVE•added 2023/05/03 1:15 p.m.•30 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS 7.6.3...

8.8CVSS8.6AI score0.0004EPSS