CVE-2024-27350
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2024
Last modified:
18/09/2025
Description
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:* | 7 (including) | 7.6.6.9 (excluding) |
| cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:* | 8 (including) | 8.1.0.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://developer.amazon.com/docs/fire-tv/fire-os-overview.html
- https://news.ycombinator.com/item?id=39496861
- https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/
- https://developer.amazon.com/docs/fire-tv/fire-os-overview.html
- https://news.ycombinator.com/item?id=39496861
- https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/