Skip to main content

Echo Dot Firmware

3 CVEs product

Monthly

CVE-2022-25809 CRITICAL POC Act Now

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-37436 MEDIUM This Month

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2018-11567 LOW POC Monitor

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Echo Show Firmware Echo Plus Firmware Echo Dot Firmware +2
NVD
CVSS 3.0
3.3
EPSS
1.1%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Echo Show Firmware +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy