CVE-2021-37436

Name of the Vulnerable Software and Affected Versions Amazon Echo Dot devices through 2021-07-02

Description The issue allows attackers with physical access to a device after a factory reset to obtain sensitive information via complex hardware and software attacks. It is noted that vendor marketing statements claimed that a factory reset would safely remove personal content. The vendor is reportedly working on mitigations.

Recommendations For Amazon Echo Dot devices through 2021-07-02, as a temporary workaround, consider taking extra precautions when disposing of or resetting devices to minimize the risk of sensitive information being obtained by unauthorized parties. At the moment, there is no information about a newer version that contains a fix for this issue.