Security News > 2022 > August > New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings
2022-08-19 08:23

Amazon acquired the doorbell maker for about $1 billion in 2018.

Application security firm Checkmarx explained it identified a cross-site scripting flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app.

This is achieved by querying the below two endpoints -.

Checkmarx said it reported the issue to Amazon on May 1, 2022, following which a fix was made available on May 27 in version 3.51.0.

There is no evidence that the issue has been exploited in real-world attacks, with Amazon characterizing the exploit as "Extremely difficult" and emphasizing that no customer information was exposed.


News URL

https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 59 4 39 61 15 119