Session Hijacking on Imou Life app

Posted date 18/12/2023
4 - High
Affected Resources

Life app 6.7.0


INCIBE has coordinated the publication of 1 session hijacking vulnerability affecting Imou Life app 6.7.0, which has been discovered by Jan Adamski (

This vulnerability has been assigned the following base score CVSS v3.1, CVSS vectors and CWE vulnerability types: 

  • CVE-2023-6913: CVSS v3.1: 8.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | CWE-384.

Vulnerability fixed in later versions. 


CVE-2023-6913: A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.

References list