CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Common Weakness Enumeration
References
https://github.com/actuator/cve/blob/main/CVE-2023-42470
https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
https://github.com/actuator/imou/blob/main/poc.apk
https://github.com/actuator/cve/blob/main/CVE-2023-42470
https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
https://github.com/actuator/imou/blob/main/poc.apk