CVE-2023-6913

Name: CVE-2023-6913
Creator: NVD / NIST
Published: 2023-12-19T15:15:09.447+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 0.73%

Last modified Jun 17, 2026

CVE-2023-6913 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. EPSS estimates a 0.73% chance of exploitation in the next 30 days.

Description

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Probability

0.73%

49.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-384

Affected Software

Vendor	Product	Versions
Imoulife	Imou Life	6.7.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-appThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-appThird Party Advisory

Timeline

Published: Dec 19, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-6913?

How severe is CVE-2023-6913?

CVE-2023-6913 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.73% probability of exploitation in the next 30 days.

How do I fix CVE-2023-6913?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6913?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST