Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.

Published

2024-02-26T16:28:00.313

Last Modified

2025-09-18T16:23:23.137

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amazon	fire_os	< 7.6.6.9	Yes
Operating System	amazon	fire_os	< 8.1.0.3	Yes

References

https://developer.amazon.com/docs/fire-tv/fire-os-overview.html Product ([email protected])
https://news.ycombinator.com/item?id=39496861 Issue Tracking ([email protected])
https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/ Exploit, Press/Media Coverage, Third Party Advisory ([email protected])
https://developer.amazon.com/docs/fire-tv/fire-os-overview.html Product (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=39496861 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/ Exploit, Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)