Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
- EPSS 0.54%
- Veröffentlicht 19.12.2024 10:15:13
- Zuletzt bearbeitet 19.12.2024 10:15:13
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Ho...
8.8
CVE-2023-3612
- EPSS 0.07%
- Veröffentlicht 11.09.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 08:17:40
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displayi...
1