Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Session Hijacking on Imou Life app
Vulnerability Description
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
会话固定
Vulnerability Title
Imou Life 授权问题漏洞
Vulnerability Description
Imou Life是一个应用软件。 Imou Life 6.7.0版本存在授权问题漏洞,该漏洞源于存在会话劫持漏洞。攻击者可利用该漏洞发起网络钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A