HIGH🇬🇧 English

CVE-2023-33248

CVSS 7.6v3.1pub. 2023-05-24upd. 2025-01-16

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
  • Amazon Alexa

    OS
    Amazon
    8960323972
  • Amazon Echo Dot

    HW
    Amazon
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-25809CRITICAL9.8ten sam produkt

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary v...

CVE-2021-37436MEDIUM4.2ten sam produkt

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device aft...

CVE-2018-11567LOW3.3ten sam produkt

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The...

CVE-2026-35560CRITICAL9.1PL ✓ten sam vendor

Nieprawidłowa walidacja certyfikatów w Amazon Athena ODBC Driver — atak MITM

CVE-2026-35561CRITICAL9.1PL ✓ten sam vendor

Niewystarczające zabezpieczenia uwierzytelniania w Amazon Athena ODBC Driver