CVE-2023-47353

8.8 HIGH

📋 TL;DR

This vulnerability in the IMOU GO app allows attackers to force the download of arbitrary files through the DownloadFirmwareService component. Attackers can potentially download malicious files to devices running the vulnerable app version. This affects users of IMOU GO version 1.0.11 on Android devices.

💻 Affected Systems

Products:
  • IMOU GO
Versions: v1.0.11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the app. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could download and execute malicious firmware or system files, potentially gaining full control of the device, stealing sensitive data, or installing persistent malware.

🟠 Likely Case

Attackers download malicious files that could be used for further exploitation, data exfiltration, or denial of service attacks on the affected device.

🟢 If Mitigated

With proper network segmentation and device hardening, the impact is limited to the isolated device without lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows arbitrary file downloads without authentication. Public technical details are available in the GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check Google Play Store for app updates
2. If update available, install the latest version
3. If no update available, uninstall the app until a fix is released

🔧 Temporary Workarounds

Network Restriction

android

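Block network access to the IMOU GO app using firewall rules or network policies. The iptables rule below requires root on the device and drops only the app's outbound TCP traffic to port 443; <app_uid> is the app's Linux UID.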

iptables -A OUTPUT -p tcp --dport 443 -m owner --uid-owner <app_uid> -j DROP

App Removal

android

Uninstall the vulnerable version of the IMOU GO app

adb uninstall com.dahua.imou.go

🧯 If You Can't Patch

  • Isolate affected devices on separate network segments
  • Implement strict outbound firewall rules to block arbitrary downloads

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > IMOU GO > App Info

Check Version:

adb shell dumpsys package com.dahua.imou.go | grep versionName

Verify Fix Applied:

Verify app version is newer than 1.0.11 or app is uninstalled
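
The version check above can be scripted when many devices need checking. This is an added example, not code from the vendor or from the original page: a POSIX shell function that reads `dumpsys package` output on stdin and classifies the install. The function names are hypothetical, the sample input is constructed, and versions are assumed to be dotted numeric strings.

```shell
#!/bin/sh
# Added example: classify an IMOU GO install from `dumpsys package` text on stdin.
# On a device:  adb shell dumpsys package com.dahua.imou.go | imou_status
VULN_VERSION="1.0.11"   # the version this page lists as affected

# Print the first versionName= value found on stdin (empty if none).
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Exit 0 when $1 is strictly newer than $2.
# Assumption: versions are dotted numeric strings such as 1.0.11.
version_gt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1)" = "$1" ]
}

# Map the installed version to one of four states.
imou_status() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif [ "$ver" = "$VULN_VERSION" ]; then
        echo "vulnerable:$ver"
    elif version_gt "$ver" "$VULN_VERSION"; then
        echo "newer:$ver"
    else
        # The page lists only 1.0.11 as affected; older builds are unverified.
        echo "older:$ver"
    fi
}

# Constructed sample resembling dumpsys output (not captured from a device).
SAMPLE_VULN='Packages:
  Package [com.dahua.imou.go] (a1b2c3d):
    userId=10234
    versionCode=111 minSdk=21 targetSdk=30
    versionName=1.0.11'

printf '%s\n' "$SAMPLE_VULN" | imou_status
```

A result of `not-installed` or `newer:<version>` matches the "Verify Fix Applied" condition; `older:<version>` is reported separately because the page does not say whether earlier builds are affected.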

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file download activities
  • Network connections to unexpected domains from IMOU GO app

Network Indicators:

  • Outbound connections from IMOU GO app to non-IMOU domains
  • Large file downloads from unusual sources

SIEM Query:

source="android_logs" app="com.dahua.imou.go" (event="download" OR event="network")
