CVE-2023-3612
Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Productos afectados
Govee · Govee Home¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →