CVE-2023-6913 HIGH

CVE-2023-6913: Session Hijacking on Imou Life app

Vendor: Imou
Product: Imou Life app
Weakness: CWE-384 · Session fixation
Published: December 19, 2023
Last update: August 2, 2024

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A session hijacking vulnerability has been detected in the Imou Life application, affecting version 6.7.0. When a new device is scanned, the QR code functionality does not properly filter the scanned code and runs a WebView directly, without prompting the user or displaying it to them. This could allow an attacker to hijack user accounts, and it could also be used for phishing attacks.
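The two missing controls named in the description, filtering the scanned code and prompting before a WebView is run, sketched as an added example; this is not Imou's code. The pairing-code pattern `SN:...`, the host `app.vendor.example` and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: pairing codes look like "SN:" plus 10-20 uppercase alphanumerics.
DEVICE_CODE = re.compile(r"SN:[A-Z0-9]{10,20}")
# Assumption: the only host the app may load in its own WebView.
TRUSTED_HOSTS = {"app.vendor.example"}


def classify_scan(payload):
    """Return 'pair', 'confirm' or 'reject' for the text decoded from a QR code."""
    text = payload.strip()
    if DEVICE_CODE.fullmatch(text):
        return "pair"
    # Embedded whitespace or control characters are never part of a valid URL.
    if any(c.isspace() or ord(c) < 0x20 for c in text):
        return "reject"
    try:
        url = urlsplit(text)
        host, port = url.hostname, url.port
    except ValueError:  # malformed port or IPv6 literal
        return "reject"
    if url.scheme != "https" or host is None:
        return "reject"  # blocks http:, javascript:, file: and similar schemes
    if "@" in url.netloc or port not in (None, 443):
        return "reject"  # userinfo such as trusted@other-host hides the real host
    if host not in TRUSTED_HOSTS:
        return "reject"  # exact match only, no suffix or substring comparison
    return "confirm"


def handle_scan(payload, ask_user):
    """Decide the app's action; ask_user(url) shows the URL and returns a bool."""
    text = payload.strip()
    verdict = classify_scan(text)
    if verdict == "pair":
        return ("pair", text)
    # A WebView is opened only for an allowlisted URL the user has approved.
    if verdict == "confirm" and ask_user(text):
        return ("open", text)
    return ("blocked", text)
```
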

Key dates

02 Disclosure timeline

December 19, 2023: CVE published
August 2, 2024: Record updated