← Volver a CVEs

CVE-2023-4617

CRITICAL

10.0

Descripcion

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9.

Detalles CVE

Puntuacion CVSS v3.110.0

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado12/19/2024

Ultima modificacion12/19/2024

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-863

Referencias

https://apps.apple.com/us/app/govee-home/id1395696823(cvd@cert.pl)

https://cert.pl/en/posts/2024/12/CVE-2023-4617/(cvd@cert.pl)

https://cert.pl/posts/2024/12/CVE-2023-4617/(cvd@cert.pl)

https://play.google.com/store/apps/details?id=com.govee.home(cvd@cert.pl)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.