CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.2%

CVSS Severity

CVSS v3 Score 7.1

References

Products affected by CVE-2023-1385

Amazon » Fire Tv Stick 3rd Gen » Version: N/A

cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-
Bestbuy » Insignia Tv » Version: N/A

cpe:2.3:h:bestbuy:insignia_tv:-
Amazon » Fire Os » Version: 1

cpe:2.3:o:amazon:fire_os:1
Amazon » Fire Os » Version: 2

cpe:2.3:o:amazon:fire_os:2
Amazon » Fire Os » Version: 3

cpe:2.3:o:amazon:fire_os:3
Amazon » Fire Os » Version: 4

cpe:2.3:o:amazon:fire_os:4
Amazon » Fire Os » Version: 5

cpe:2.3:o:amazon:fire_os:5
Amazon » Fire Os » Version: 5.3.6.3

cpe:2.3:o:amazon:fire_os:5.3.6.3
Amazon » Fire Os » Version: 5.3.6.4

cpe:2.3:o:amazon:fire_os:5.3.6.4
Amazon » Fire Os » Version: 6

cpe:2.3:o:amazon:fire_os:6
Amazon » Fire Os » Version: 6.2.9.5

cpe:2.3:o:amazon:fire_os:6.2.9.5
Amazon » Fire Os » Version: 7

cpe:2.3:o:amazon:fire_os:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1385

Products

Pricing

Contact Us