CVE-2024-27350

medium

Description

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.

References

https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/

https://news.ycombinator.com/item?id=39496861

https://developer.amazon.com/docs/fire-tv/fire-os-overview.html

Details

Source: Mitre, NVD

Published: 2024-02-26

Updated: 2025-09-18

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.00061