CVE-2023-6913

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 19, 2023

Updated: Dec 28, 2023

CWE ID 384

Summary

CVE-2023-6913: A session hijacking vulnerability has been discovered in the Imou Life application, impacting version 6.7.0. This issue stems from the QR code functionality, which fails to adequately filter scanned codes. Consequently, the application inadvertently runs WebView without user interaction or notification. This vulnerability poses a significant risk, as an attacker could exploit it to hijack user accounts and launch phishing attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t16p5P
https://www.cve.org/CVERecord?id=CVE-2023-6913
https://nvd.nist.gov/vuln/detail/CVE-2023-6913

Back to Vulnerability Database

CVE-2023-6913

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations