A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-12-19T14:49:48.766Z
Updated: 2024-08-02T08:42:08.526Z
Reserved: 2023-12-18T09:51:26.413Z
Link: CVE-2023-6913
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-19T15:15:09.447
Modified: 2024-11-21T08:44:49.510
Link: CVE-2023-6913
Redhat
No data.