CVE-2024-23727

8.4 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary JavaScript code in the YI Smart Kami Vision Android app through an implicit intent to a vulnerable WebViewActivity component. Attackers can potentially take control of the app's functionality and access device resources. All Android users running the affected app version are at risk.

💻 Affected Systems

Products:
  • YI Smart Kami Vision (com.kamivision.yismart)
Versions: Through 1.0.0_20231219
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default. No special configuration required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Android device through remote code execution, allowing data theft, surveillance camera control, and installation of additional malware.

🟠 Likely Case

Unauthorized access to camera feeds, device data exfiltration, and potential privilege escalation within the app context.

🟢 If Mitigated

Limited impact if the app is uninstalled or its network access is restricted, though the device remains vulnerable to local attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires delivering a malicious intent to the vulnerable component, which can be done through various Android attack vectors including malicious apps, links, or network-based attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Check Google Play Store for app updates
2. If no update available, uninstall the app immediately
3. Monitor vendor communications for security patches

🔧 Temporary Workarounds

Uninstall Vulnerable App


Remove the YI Smart Kami Vision app from all Android devices

adb uninstall com.kamivision.yismart

Disable App Permissions


Revoke all permissions from the app in Android settings

🧯 If You Can't Patch

  • Disconnect affected devices from networks and disable internet access
  • Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > YI Smart Kami Vision. If the version is 1.0.0_20231219 or earlier, the device is vulnerable.

Check Version:

adb shell dumpsys package com.kamivision.yismart | grep versionName

Verify Fix Applied:

Verify that the app has either been updated to a version later than 1.0.0_20231219 or been completely uninstalled from the device.
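The version check above, extended to every device adb can see, as an added example that is not part of this advisory. The package name and the last affected versionName come from the page; the ordering rule (numeric dotted part first, then the date suffix) is an assumption about the vendor's version scheme, and the sample dumpsys text is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: audit connected Android devices for
# the affected YI Smart Kami Vision build. PKG and LAST_AFFECTED come from the
# page; comparing the dotted part numerically and then the date suffix is an
# assumption about the vendor's version scheme.
PKG="com.kamivision.yismart"
LAST_AFFECTED="1.0.0_20231219"

# vuln_version VERSION -> prints "yes" if VERSION is at or below LAST_AFFECTED
vuln_version() {
  v_sem=${1%%_*}; t_sem=${LAST_AFFECTED%%_*}; t_date=${LAST_AFFECTED#*_}
  case $1 in *_*) v_date=${1#*_} ;; *) v_date=0 ;; esac  # no date: treat as old build
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s' "$v_sem" | cut -d. -f"$i"); b=$(printf '%s' "$t_sem" | cut -d. -f"$i")
    a=${a:-0}; b=${b:-0}
    if [ "$a" -lt "$b" ]; then echo yes; return 0; fi
    if [ "$a" -gt "$b" ]; then echo no; return 0; fi
    i=$((i + 1))
  done
  # same dotted version: a later build date means a newer build
  if [ "$v_date" -le "$t_date" ]; then echo yes; else echo no; fi
}

# version_from_dumpsys: reads `dumpsys package` output on stdin, prints versionName
version_from_dumpsys() {
  tr -d '\r' | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# Constructed sample of the relevant dumpsys lines (not captured from a device).
SAMPLE_DUMPSYS='Packages:
  Package [com.kamivision.yismart] (1a2b3c4):
    versionCode=100 minSdk=21 targetSdk=33
    versionName=1.0.0_20231219'

# audit_devices: live check over every device adb currently reports as online
audit_devices() {
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
    ver=$(adb -s "$serial" shell dumpsys package "$PKG" 2>/dev/null | version_from_dumpsys)
    if [ -z "$ver" ]; then echo "$serial: $PKG not installed"; continue; fi
    echo "$serial: $PKG versionName=$ver vulnerable=$(vuln_version "$ver")"
  done
}

# Offline demonstration on the constructed sample; pass --audit for the live check.
sample_ver=$(printf '%s\n' "$SAMPLE_DUMPSYS" | version_from_dumpsys)
echo "sample versionName=$sample_ver vulnerable=$(vuln_version "$sample_ver")"
if [ "${1:-}" = "--audit" ]; then audit_devices; fi
```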

📡 Detection & Monitoring

Log Indicators:

  • Unusual WebViewActivity intents
  • JavaScript execution attempts in app logs
  • Permission escalation attempts

Network Indicators:

  • Unexpected network connections from the app
  • Suspicious JavaScript payloads in network traffic

SIEM Query:

source="android_logs" AND app="com.kamivision.yismart" AND (activity="WebViewActivity" OR message="javascript:")
