CVE-2023-6913

8.1 HIGH

📋 TL;DR

A session hijacking vulnerability in Imou Life app version 6.7.0 allows attackers to hijack user accounts through the QR code functionality. When a user scans a QR code to add a new device, the app launches a WebView and loads its content without prompting the user, which enables phishing attacks. This affects all users of the vulnerable app version.

💻 Affected Systems

Products:
  • Imou Life mobile application
Versions: Version 6.7.0 specifically mentioned
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when using QR code functionality to add new devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete account takeover allowing attackers to access camera feeds, personal data, and control smart devices connected to the compromised account.

🟠 Likely Case: Session hijacking leading to unauthorized access to smart home devices and potential privacy violations through camera access.

🟢 If Mitigated: Limited impact if users avoid scanning unknown QR codes and use updated app versions.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely through QR code scanning without authentication.
🏢 Internal Only: LOW - This is a mobile application vulnerability, not typically deployed in internal enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to scan a malicious QR code, but no authentication is needed beyond that action.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.8.0 or later (based on typical versioning patterns)

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app

Restart Required: Yes

Instructions:

1. Open Google Play Store or Apple App Store.
2. Search for 'Imou Life'.
3. If an update is available, tap 'Update'.
4. Restart the application after the update completes.

🔧 Temporary Workarounds

Disable QR Code Scanning (applies to: all)
Avoid using the QR code functionality to add new devices until patched.

Network Segmentation (applies to: all)
Isolate smart home devices on a separate network from personal devices.

🧯 If You Can't Patch

  • Uninstall the vulnerable app version and use the web interface if available
  • Implement strict network monitoring for unusual device connections

🔍 How to Verify

Check if Vulnerable:

Check app version in settings: Open Imou Life app > Settings > About > Check version number

Check Version:

Not applicable - check through app settings UI

Verify Fix Applied:

Verify that the app version is 6.8.0 or higher after the update.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from new locations
  • Unusual device addition patterns
  • QR code scan events from unknown sources

Network Indicators:

  • Unexpected connections to Imou cloud services
  • Traffic from new IP addresses accessing devices

SIEM Query:

source="imou_app" AND (event="qr_scan" OR event="device_added") | stats count by user, src_ip
