Описание
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.9.5 (исключая)
Одновременно
cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*
cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 7.6.3.3 (исключая)
Одновременно
cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*
cpe:2.3:h:bestbuy:insignia_tv:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 7.1
github
больше 2 лет назад
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
EPSS
Процентиль: 12%
0.0004
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-330