Offline PIN Brute-Forcing Vulnerability in Amazon Fire TV Stick and Insignia TV with FireOS

Offline PIN Brute-Forcing Vulnerability in Amazon Fire TV Stick and Insignia TV with FireOS

CVE-2023-1385 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.

Learn more about our Web Application Penetration Testing UK.