Improper Neutralization Vulnerability in Amazon Alexa Smart Speakers
CVE-2022-25809
9.8CRITICAL
What is CVE-2022-25809?
A vulnerability in 3rd and 4th Generation Amazon Echo Dot devices enables unauthorized execution of voice commands through exploitation of audio output protocols. This can occur via two main vectors: remote attackers can leverage malicious skills to control devices, while physically proximate attackers can exploit this vulnerability by connecting malicious Bluetooth devices. This flaw poses significant security risks, leading to potential unauthorized access and control over the affected devices.
