Attackers could install or remove apps on a device without the owner knowing, Check Point Research reports.
The hack "required just one click on an Amazon link" purposely crafted by the attacker, it says.
The firm told Amazon about the flaw, which has now been fixed.
Amazon said: "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us."
It said it did not know of any case where a bad actor had used the vulnerability to target its customers.
In January, Amazon said there were "hundreds of millions" of Alexa devices in the world.
Check Point said the hack required the creation of a malicious Amazon link, which would be sent to an unsuspecting user.
Once they clicked the link, the attacker could get a list of all installed Alexa "skills" - or apps - and steal a token allowing them add or remove skills.
One way to use the flaw would be to remove a skill and then install a malicious one that uses the same "invocation phrase" - the series of spoken words used to trigger it. This could have been done without the user knowing.
The next time the user tried to activate that skill, it would have run the attacker's app instead.
The attackers would have been able to see Alexa's voice history - a record of conversations between the user and device.
Check Point said this could create major problems, pointing to banking skills that let the user check their account balance.
"This could lead to exposure of personal information, such as banking data history," they argued - even though it does not save banking login details.
Amazon objected to this suggestion, however, saying that banking information - like balances - was redacted in the record of Alexa's responses, so it could not have been accessed.
The attack would also allow access to personal information in the Amazon profile, such as a home address, Check Point said.
Amazon also said it believed the use of a secret malicious skill was less likely than Check Point's researchers implied.
It said there were systems in place to prevent malicious skills from ever hitting the Alexa Skills Store - and that security reviews were part of their process.
Badly behaving apps were also routinely deactivated, it said.
"Their screening process probably would have caught most bad actors - they are quite good at that and know their reputation is at stake," said University of Surrey cyber-security expert Prof Alan Woodward.
"The thing about this hack was that it was due to a vulnerability that is well-known… so it's surprising to see it in Amazon's estate."
He said the access to voice records was a big concern, but was unsure if other hackers could have known about the vulnerabilities in specific subdomains used to launch the attack.
"Although if the security researchers found it, I'm sure less scrupulous people could have done the same."