CVE-2023-47882
Published: 27 December 2023
Summary
CVE-2023-47882 is a high-severity an unspecified weakness vulnerability in Kamivision Yi Iot. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 37.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-51972
Vulnerability details
The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote arbitrary JavaScript execution in an Android app's WebViewActivity via implicit intent, facilitating exploitation of client applications (T1203) and abuse of the JavaScript interpreter within WebView (T1059.007).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.