CVE-2023-3612
Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Produtos afetados
Govee · Govee HomeQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →