{"vulnerability": "CVE-2023-1385", "sightings": [{"uuid": "577ee5a2-b24f-46a4-9c6c-9bfffeb9af72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1385", "type": "seen", "source": "https://t.me/androidMalware/1874", "content": "Vulnerabilities identified in Amazon Fire TV Stick \n1) Local network PIN brute forcing (CVE-2023-1385) \n2) Arbitrary Javascript code to execution (CVE-2023-1384) \n3) Register services that are only locally accessible (CVE-2023-1383) \nhttps://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf", "creation_timestamp": "2023-06-27T08:55:40.000000Z"}, {"uuid": "8f06687e-5637-4bc9-b6db-b9fc538c9eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1385", "type": "seen", "source": "https://t.me/cibsecurity/63229", "content": "\u203c CVE-2023-1385 \u203c\n\nImproper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T16:31:08.000000Z"}]}