← Zuruck zu CVEs

CVE-2023-4617

CRITICAL

10.0

Beschreibung

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9.

CVE Details

CVSS v3.1 Bewertung10.0

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/19/2024

Zuletzt geandert12/19/2024

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-863

Referenzen

https://apps.apple.com/us/app/govee-home/id1395696823(cvd@cert.pl)

https://cert.pl/en/posts/2024/12/CVE-2023-4617/(cvd@cert.pl)

https://cert.pl/posts/2024/12/CVE-2023-4617/(cvd@cert.pl)

https://play.google.com/store/apps/details?id=com.govee.home(cvd@cert.pl)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.