PT-2023-32821 · Imou · Imou Life
Jan Adamski
·
Published
2023-12-19
·
Updated
2023-12-28
·
CVE-2023-6913
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Imou Life version 6.7.0
Description
A session hijacking issue has been detected in the Imou Life application. This issue could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This could trigger phishing attacks.
Recommendations
For Imou Life version 6.7.0, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Session Fixation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Imou Life