CVE-2023-3612
Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Affected products
Govee · Govee HomeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →