Vulnerability CVE-2023-1385
Published: 2023-05-03

Description:
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3.

Type:

CWE-330

 (Use of Insufficiently Random Values)

 References:
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/
Copyright 2024, cxsecurity.com

 

Back to Top