MEDIUM🇵🇱 Wersja polska

CVE-2021-37436

CVSS 4.2v3.1pub. 2021-07-24upd. 2024-11-21

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.

CVSS Vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Amazon Echo Dot

    HW
    Amazon
    wszystkie wersje
  • Amazon Echo Dot Firmware

    OS
    Amazon
    ≤ 2021-07-02
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-25809CRITICAL9.8ten sam produkt

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary v...

CVE-2023-33248HIGH7.6ten sam produkt

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially all...

CVE-2018-11567LOW3.3ten sam produkt

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The...

CVE-2026-35560CRITICAL9.1PL ✓ten sam vendor

Nieprawidłowa walidacja certyfikatów w Amazon Athena ODBC Driver — atak MITM

CVE-2026-35561CRITICAL9.1PL ✓ten sam vendor

Niewystarczające zabezpieczenia uwierzytelniania w Amazon Athena ODBC Driver