Vulnerability Details CVE-2023-42470
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.071
EPSS Ranking 91.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/actuator/cve/blob/main/CVE-2023-42470
- https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
- https://github.com/actuator/imou/blob/main/poc.apk
- https://github.com/actuator/cve/blob/main/CVE-2023-42470
- https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
- https://github.com/actuator/imou/blob/main/poc.apk