Unrated severityNVD Advisory· Published May 3, 2023· Updated Jan 30, 2025
CVE-2023-1385
CVE-2023-1385
Description
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<6.2.9.5+ 1 more
- (no CPE)range: <6.2.9.5
- (no CPE)range: 6.2.9.4
- Insignia/TV with FireOSv5Range: 7.6.3.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.