CVE-2023-42470

Published: Sep 11, 2023

Modified: Sep 26, 2024

PUBLISHED

Description

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md

https://github.com/actuator/imou/blob/main/poc.apk

https://github.com/actuator/cve/blob/main/CVE-2023-42470

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-42470

Description

Affected Products

References