CVE-2023-3612

Summary

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

Affected Software

VendorProductVersion RangeStatus
GoveeGovee Home5.7.03 < 5.8.01affected

Weaknesses

  • CWE-749: CWE-749 Exposed Dangerous Method or Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References