PT-2023-32821 · Imou · Imou Life
Jan Adamski
·
Publicado
2023-12-19
·
Atualizado
2023-12-28
·
CVE-2023-6913
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Imou Life version 6.7.0
Description
A session hijacking issue has been detected in the Imou Life application. This issue could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This could trigger phishing attacks.
Recommendations
For Imou Life version 6.7.0, at the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Session Fixation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Imou Life