CVE-2023-3612

EPSS 0.07%
Veröffentlicht 11.09.2023 10:15:07
Zuletzt bearbeitet 21.11.2024 08:17:40
Quelle incident@nbu.gov.sk
CVE-Watchlists
Login
Unerledigt
Login

Unprotected WebView access in Govee Home App

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Govee ≫ Home SwPlatformandroid Version < 5.8.01

Govee ≫ Home SwPlatformiphone_os Version < 5.8.01

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
incident@nbu.gov.sk	8.2	2.8	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3612

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3612