Session Hijacking on Imou Life app

Posted date 18/12/2023

Importance

4 - High

Affected Resources

Life app 6.7.0

Description

INCIBE has coordinated the publication of 1 session hijacking vulnerability affecting Imou Life app 6.7.0, which has been discovered by Jan Adamski (johnny1337.pl).

This vulnerability has been assigned the following base score CVSS v3.1, CVSS vectors and CWE vulnerability types:

CVE-2023-6913: CVSS v3.1: 8.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | CWE-384.

Solution

Vulnerability fixed in later versions.

Detail

CVE-2023-6913: A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.

References list

IMOU life

Etiquetas

0day
CNA
Vulnerability