ID
VAR-202312-1090
CVE
CVE-2023-6913
TITLE
Imou Life application session hijacking vulnerability.
Trust: 0.1
sources:
OTHER: CVE-2023-6913
DESCRIPTION
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.
Trust: 1.0
sources:
NVD: CVE-2023-6913
IOT TAXONOMY
| category: | application | sub_category: | mobile_app | Trust: 0.1 |
sources:
OTHER: CVE-2023-6913
AFFECTED PRODUCTS
| vendor: | imoulife | model: | imou life | scope: | eq | version: | 6.7.0 | Trust: 1.0 |
| vendor: | imoulife | model: | imou life | scope: | lte | version: | 6.7.0 | Trust: 0.1 |
sources:
OTHER: CVE-2023-6913 //
NVD: CVE-2023-6913
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2023-6913 //
NVD: CVE-2023-6913
PROBLEMTYPE DATA
| problemtype: | CWE-384 | Trust: 1.0 |
sources:
NVD: CVE-2023-6913
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-6913 | Trust: 1.1 |
| db: | OTHER | id: | CVE-2023-6913 | Trust: 0.1 |
sources:
OTHER: CVE-2023-6913 //
NVD: CVE-2023-6913
REFERENCES
| url: | https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app | Trust: 1.0 |
sources:
NVD: CVE-2023-6913
SOURCES
| db: | OTHER | id: | CVE-2023-6913 |
| db: | NVD | id: | CVE-2023-6913 |
LAST UPDATE DATE
2024-08-30T22:45:36.728000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2023-6913 | date: | 2023-12-28T19:03:17.600 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2023-6913 | date: | 2023-12-19T15:15:09.447 |