
CVE-2022-25809
https://notcve.org/view.php?id=CVE-2022-25809
23 Feb 2022 — Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. • https://arxiv.org/abs/2202.08619 •

CVE-2021-37436
https://notcve.org/view.php?id=CVE-2021-37436
24 Jul 2021 — Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. • https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them •

CVE-2018-11567
https://notcve.org/view.php?id=CVE-2018-11567
30 May 2018 — Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed ski... • https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdf • CWE-384: Session Fixation •