CVE-2023-42470

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Android devices running the Imou Life app (com.mm.android.smartlifeiot) by sending a crafted intent to an exported component. The app's WebView has JavaScript enabled and loads web content directly, enabling exploitation. All users of the affected Android app versions are at risk.

💻 Affected Systems

Products:
  • Imou Life (com.mm.android.smartlifeiot)
Versions: Through 6.8.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android version of the Imou Life app. Requires app to be installed and running.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing installation of malware, data theft, surveillance, and persistence as a backdoor.

🟠 Likely Case

Attacker gains control of the app's permissions to access camera, microphone, location, and personal data stored by the app.

🟢 If Mitigated

Limited impact if the app is uninstalled or the device has strict app isolation and minimal permissions granted.

🌐 Internet-Facing: HIGH - Exploitable via malicious links or apps that can send intents to the vulnerable component.
🏢 Internal Only: MEDIUM - Requires local network access or malicious apps on the same device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept APK available on GitHub. Exploitation requires user interaction (clicking malicious link) or another app sending crafted intent.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for app updates in the Google Play Store.
2. If no update beyond 6.8.0 is available, uninstall the app.
3. Monitor vendor communications for security updates.

🔧 Temporary Workarounds

Uninstall vulnerable app (Android)

Remove the Imou Life app from Android devices:

Settings > Apps > Imou Life > Uninstall

Disable app from receiving intents (Android)

Use Android settings to prevent the app from being launched by other apps:

Settings > Apps > Imou Life > Open by default > Clear defaults and disable 'Open supported links'

🧯 If You Can't Patch

  • Isolate device on separate network segment with strict outbound filtering
  • Implement mobile device management (MDM) to restrict app installations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > Imou Life. If the version is 6.8.0 or earlier, the device is vulnerable.

Check Version:

adb shell dumpsys package com.mm.android.smartlifeiot | grep versionName

Verify Fix Applied:

Verify app is either updated to version beyond 6.8.0 or completely uninstalled from the device.
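The version check above, scripted so it can run across a fleet of devices. This is an added example, not part of the advisory: it wraps the advisory's `adb shell dumpsys` command, parses the `versionName=` line and compares it field by field against 6.8.0 (a plain string comparison would wrongly treat 6.10.0 as older than 6.8.0). Function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the installed
# Imou Life build falls in the affected range (versionName <= 6.8.0).
AFFECTED_MAX="6.8.0"

# version_le A B -> exit 0 if A <= B, comparing dot-separated numeric fields
# so that 6.10.0 sorts after 6.8.0 (string comparison would get this wrong).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0;
      if (xi < yi) exit 0;
      if (xi > yi) exit 1;
    }
    exit 0
  }'
}

# extract_version: read dumpsys package output on stdin, print the first versionName
extract_version() {
  sed -n 's/^[[:space:]]*versionName=\(.*\)$/\1/p' | head -n 1
}

# is_vulnerable VERSION -> exit 0 if VERSION is in the affected range
is_vulnerable() {
  [ -n "$1" ] && version_le "$1" "$AFFECTED_MAX"
}

# check_device: run the advisory's adb command against the connected device.
# Exit 0 = vulnerable, 1 = not affected, 2 = app not installed / adb unavailable.
check_device() {
  v=$(adb shell dumpsys package com.mm.android.smartlifeiot 2>/dev/null | extract_version)
  if [ -z "$v" ]; then
    echo "Imou Life not installed (or adb unavailable)"; return 2
  fi
  if is_vulnerable "$v"; then
    echo "VULNERABLE: versionName=$v (<= $AFFECTED_MAX)"; return 0
  fi
  echo "OK: versionName=$v"; return 1
}
```

Run `check_device` with a device attached over adb; the exit code lets an MDM or inventory script act on the result without parsing the message.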

📡 Detection & Monitoring

Log Indicators:

  • Android logs showing intents sent to com.mm.android.easy4ip.MainActivity
  • Unexpected WebView JavaScript execution in app logs

Network Indicators:

  • Unusual outbound connections from the Imou app to unknown domains
  • Suspicious APK downloads or installation attempts

SIEM Query:

source="android_logs" AND (activity="com.mm.android.easy4ip.MainActivity" OR package="com.mm.android.smartlifeiot") AND event="intent_received"

🔗 References
