Session Hijacking on Imou Life app

Posted date 18/12/2023
Identifier
INCIBE-2023-0570
Importance
4 - High
Affected Resources

Life app 6.7.0

Description

INCIBE has coordinated the publication of 1 session hijacking vulnerability affecting Imou Life app 6.7.0, which has been discovered by Jan Adamski (johnny1337.pl).

This vulnerability has been assigned the following CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2023-6913: CVSS v3.1: 8.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | CWE-384.

Solution

Vulnerability fixed in later versions. 

Detail

CVE-2023-6913: A session hijacking vulnerability has been detected in version 6.7.0 of the Imou Life application. It could allow an attacker to hijack user accounts because the QR code functionality does not properly filter codes when scanning a new device and runs WebView directly, without prompting the user or displaying it to them. This vulnerability could trigger phishing attacks.
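
One way to implement the filtering and user prompt whose absence the Detail section describes, as an added example (not code from Imou or from this advisory). The allowlisted host, the device-code pattern and all function names are assumptions, and the sample payloads are constructed.

```javascript
// Added example: decide what to do with text decoded from a QR code before
// anything is handed to a WebView. Host and code format are assumptions.
const ALLOWED_HOSTS = new Set(["devices.example.com"]); // hypothetical vendor host
const DEVICE_CODE = /^[A-Z0-9]{8,32}$/; // hypothetical serial-number format

const reject = (reason) => ({ action: "reject", reason });

function classifyQrPayload(text) {
  if (typeof text !== "string" || text.length === 0 || text.length > 512) {
    return reject("empty or oversized payload");
  }
  const payload = text.trim();
  // Plain device codes never reach a WebView at all.
  if (DEVICE_CODE.test(payload)) return { action: "pair", code: payload };

  let url;
  try {
    url = new URL(payload);
  } catch {
    return reject("neither a device code nor a URL");
  }
  if (url.protocol !== "https:") return reject("scheme not allowed");
  if (url.username || url.password) return reject("credentials in URL");
  if (!ALLOWED_HOSTS.has(url.hostname)) return reject("host not on allowlist");

  // Even an allowlisted URL is only a proposal: the caller shows the host to
  // the user and loads the page only after explicit consent.
  return { action: "confirm", url: url.href, prompt: `Open ${url.hostname}?` };
}

// Constructed sample payloads (not taken from the advisory).
const SAMPLES = [
  "ABCD1234EFGH",
  "https://devices.example.com/add?sn=ABCD1234EFGH",
  "http://devices.example.com/add",
  "https://devices.example.com@other.example/login",
  "https://devices.example.com.other.example/",
  "javascript:void(0)",
];

function classifyAll(samples = SAMPLES) {
  return samples.map((s) => classifyQrPayload(s).action);
}

console.log(classifyAll());
```

The check fails closed: anything that is neither a well-formed device code nor an HTTPS URL on the allowlist is rejected, and no result ever means "load without asking".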
