PT-2023-16947 · Amazon+1 · Amazon Fire Tv Stick+2

Published: 2023-05-03 · Updated: 2023-05-12 · CVE-2023-1385

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5
Insignia TV with FireOS version 7.6.3.3

Description

The issue is related to an improper JPAKE implementation, which allows offline PIN brute-forcing due to the initialization of random values to a known value. This leads to unauthorized authentication to amzn.lightning services.

Recommendations

For Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5, update to version 6.2.9.5 or later to resolve the issue. For Insignia TV with FireOS version 7.6.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
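The Description attributes the flaw to J-PAKE random values being initialized to a known value. The following added example (not code from Amazon or from this advisory) shows one way a tester could audit the round-1 public values a peer sends across several handshakes for that symptom. The toy group, the session names, the sample values and the `known_exponents` list are all constructed assumptions; the advisory does not say which known value the affected firmware used.

```python
from collections import Counter

# Constructed toy Schnorr group (assumption, for illustration only):
# p = 23, q = 11, and g = 2 has order q modulo p. Real groups are far larger,
# so a repeated public value there cannot plausibly happen by chance.
P, Q, G = 23, 11, 2

# Constructed sample: session id -> (g^x1, g^x2) as sent by one peer in round 1.
SAMPLE_SESSIONS = {
    "healthy-a": (8, 13),   # g^3, g^7
    "healthy-b": (9, 6),    # g^5, g^9
    "stuck-a": (16, 18),    # g^4, g^6 ...
    "stuck-b": (16, 18),    # ... and the same pair again in a later handshake
    "zeroed": (1, 2),       # g^0, g^1
    "bogus": (5, 12),       # 5 is outside the order-q subgroup
}

def audit_ephemerals(sessions, p=P, q=Q, g=G, known_exponents=(0, 1)):
    """Return {session_id: [reasons]} for suspect J-PAKE round-1 public values."""
    # Public values that correspond to exponents a broken RNG is likely to emit.
    known_publics = {pow(g, k, p): k for k in known_exponents}
    # How often each public value occurs over all observed handshakes.
    seen = Counter(v for pair in sessions.values() for v in pair)
    findings = {}
    for sid, pair in sessions.items():
        reasons = []
        for value in pair:
            if not 1 <= value < p or pow(value, q, p) != 1:
                reasons.append(f"{value}: not in the order-q subgroup")
            elif value in known_publics:
                reasons.append(f"{value}: equals g^{known_publics[value]}")
            elif seen[value] > 1:
                reasons.append(f"{value}: reused {seen[value]} times")
        if reasons:
            findings[sid] = reasons
    return findings

if __name__ == "__main__":
    for sid, reasons in audit_ephemerals(SAMPLE_SESSIONS).items():
        print(sid, "->", "; ".join(reasons))
```
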

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2023-1385

Affected Products

Amazon Fire Tv Stick
Fire Os
Insignia Tv