Filtered by vendor Bestbuy Subscriptions
Filtered by product Insignia Tv Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1385 2 Amazon, Bestbuy 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv 2024-11-21 7.1 High
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
CVE-2023-1384 2 Amazon, Bestbuy 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv 2024-11-21 4.3 Medium
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
CVE-2023-1383 2 Amazon, Bestbuy 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv 2024-11-21 5.4 Medium
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.