CVE-2021-37436

Опубликовано: 24 июл. 2021

Источник: nvd

CVSS3: 4.2

CVSS2: 1.9

EPSS Низкий

Описание

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.

Ссылки

https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/
Third Party Advisory
https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
Technical Description
Third Party Advisory
https://news.ycombinator.com/item?id=27943730
Third Party Advisory
https://www.cpomagazine.com/data-privacy/is-it-possible-to-make-iot-devices-private-amazon-echo-dot-does-not-wipe-personal-content-after-factory-reset/
Third Party Advisory
https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/
Third Party Advisory
https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
Technical Description
Third Party Advisory
https://news.ycombinator.com/item?id=27943730
Third Party Advisory
https://www.cpomagazine.com/data-privacy/is-it-possible-to-make-iot-devices-private-amazon-echo-dot-does-not-wipe-personal-content-after-factory-reset/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:amazon:echo_dot_firmware:*:*:*:*:*:*:*:*

Версия до 2021-07-02 (включая)

cpe:2.3:h:amazon:echo_dot:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00092

Низкий

4.2 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6gjm-vrf7-xg3w

github

больше 3 лет назад