Govee Home vulnerabilities
2 known vulnerabilities affecting govee/govee_home.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1
Vulnerabilities
CVE-2023-4617 | P2 | CRITICAL | CVSS 10.0 | CWE-863 | fixed in 5.9 | 2024-12-19
Incorrect authorization vulnerability in the HTTP POST method in the Govee Home application on Android and iOS allows a remote attacker to control devices owned by other users by changing the values of the "device", "sku" and "type" fields.
This issue affects Govee Home applications on Android and iOS in versions before 5.9.
Source: NVD
CVE-2023-3612 | P3 | HIGH | CVSS 8.8 | CWE-749 | ≥ 5.7.03, < 5.8.01 | 2023-09-11
The Govee Home app has unprotected access to a WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in the context of the WebView or steal sensitive user data by displaying phishing content.
Source: NVD