CVE-2023-4617

EPSS 1.33%
Veröffentlicht 19.12.2024 10:15:13
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Gaining remote control over Govee devices

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. 
This issue affects Govee Home applications on Android and iOS in versions before 5.9.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerGovee

≫

Produkt Govee Home

Default Statusunaffected

Version 0

Version < 5.9

Status affected

HerstellerGovee

≫

Produkt Govee Home

Default Statusunaffected

Version 0

Version < 5.9

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.33%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cvd@cert.pl	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://apps.apple.com/us/app/govee-home/id1395696823

https://cert.pl/en/posts/2024/12/CVE-2023-4617/

https://cert.pl/posts/2024/12/CVE-2023-4617/

https://play.google.com/store/apps/details?id=com.govee.home

https://nvd.nist.gov/vuln/detail/CVE-2023-4617

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4617

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4617

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-4617