CVE-2023-42470

Name of the Vulnerable Software and Affected Versions Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android

Description The issue allows Remote Code Execution via a crafted intent to an exported component, specifically relating to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.

Recommendations For Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android, consider disabling JavaScript execution in the WebView and restrict direct web content loading until a patch is available. As a temporary workaround, restrict access to the com.mm.android.easy4ip.MainActivity activity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.