Amazon Alexa subdomains have been found to be vulnerable to Cross-Origin Resource Sharing and Cross-Site Scripting. Exploiting these would have allowed an attacker to install or remove apps without the user’s knowledge and gather information about the device and the user(s). It would have only required one click from a specially crafted amazon link.
IoT devices such as this usually pose a high risk due to the lack of adequate security they possess. The best advice is don’t use these devices if you do not know the risk they bring to your business. If you do plan on using a device like this, ensure it is up to date and accessible to as few people as possible.
Source: Checkpoint