VYPR
Unrated severityNVD Advisory· Published May 3, 2023· Updated Jan 30, 2025

CVE-2023-1385

CVE-2023-1385

Description

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Amazon/Fire TV Stick 3rd genllm-fuzzy2 versions
    <6.2.9.5+ 1 more
    • (no CPE)range: <6.2.9.5
    • (no CPE)range: 6.2.9.4
  • Insignia/TV with FireOSv5
    Range: 7.6.3.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.