CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25809

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.074

EPSS Ranking 91.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 9.0

References

https://arxiv.org/abs/2202.08619
https://arxiv.org/abs/2202.08619

Products affected by CVE-2022-25809

Amazon » Echo Dot » Version: 3.0

cpe:2.3:h:amazon:echo_dot:3.0
Amazon » Echo Dot » Version: 4.0

cpe:2.3:h:amazon:echo_dot:4.0
Amazon » Echo Dot Firmware » Version: N/A

cpe:2.3:o:amazon:echo_dot_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25809

Products

Pricing

Contact Us