Vulnerability Details CVE-2023-42470
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.153
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/actuator/cve/blob/main/CVE-2023-42470
- https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
- https://github.com/actuator/imou/blob/main/poc.apk
- https://github.com/actuator/cve/blob/main/CVE-2023-42470
- https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
- https://github.com/actuator/imou/blob/main/poc.apk