CVE-2024-23727 is a vulnerability identified in the YI Smart Kami Vision Android application, specifically affecting the com.kamivision.yismart app version 1.0.0_20231219. The flaw exists in the handling of implicit intents directed at the com.ants360.yicamera.activity.WebViewActivity component. An attacker can craft a malicious implicit intent that triggers the execution of arbitrary JavaScript code within the WebView context of the application. This is a classic code injection vulnerability classified under CWE-94 (Improper Control of Generation of Code). The vulnerability does not require any privileges or user interaction, making it easier to exploit if an attacker can send intents to the device. The CVSS v3.1 score of 8.4 reflects the high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), meaning the attacker needs to have some form of local access or be able to send intents to the device, but no authentication or user interaction is needed. Exploiting this vulnerability could allow attackers to execute malicious scripts, potentially leading to data theft, device manipulation, or denial of service. No patches or mitigations have been officially released yet, and there are no known exploits in the wild as of the publication date. The vulnerability highlights risks in IoT and smart device applications that embed web content without proper input validation or intent filtering.

The impact of CVE-2024-23727 is significant for organizations using the YI Smart Kami Vision application on Android devices. Successful exploitation can lead to full compromise of the application’s WebView environment, allowing attackers to execute arbitrary JavaScript code. This can result in unauthorized access to sensitive information, manipulation or corruption of data, and disruption of device functionality. Given the integration of such smart camera devices in home and enterprise environments, attackers could leverage this vulnerability to pivot into internal networks, conduct surveillance, or disrupt security monitoring. The lack of required user interaction and privileges lowers the barrier for exploitation, increasing risk. Organizations relying on these devices for security or operational monitoring face confidentiality, integrity, and availability risks. The absence of patches means the vulnerability remains exploitable until fixed, necessitating immediate mitigations. The threat is particularly relevant for sectors with high IoT adoption, including smart homes, retail, healthcare, and critical infrastructure.

To mitigate CVE-2024-23727, organizations should first monitor for official patches or updates from the vendor and apply them promptly once available. In the interim, restrict the ability to send implicit intents to the vulnerable WebViewActivity component by implementing intent filtering or permission enforcement at the Android OS level, if possible. Employ application whitelisting or sandboxing to limit the exposure of the vulnerable app. Network segmentation can isolate devices running the vulnerable application to reduce lateral movement risk. Disable or restrict unnecessary app permissions and services that could be leveraged to send intents. Conduct regular security audits of IoT devices and monitor logs for suspicious intent activity. Educate users about the risks of installing untrusted apps that might exploit local intent vulnerabilities. For high-risk environments, consider temporarily disabling or replacing the affected application or device until a patch is available. Employ endpoint detection and response (EDR) tools capable of detecting anomalous script execution within app contexts.