CVE-2023-4617
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Summary
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Govee | Govee Home | 0 < 5.9 | affected |
| Govee | Govee Home | 0 < 5.9 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://cert.pl/en/posts/2024/12/CVE-2023-4617/
- https://cert.pl/posts/2024/12/CVE-2023-4617/
- https://play.google.com/store/apps/details?id=com.govee.home
- https://apps.apple.com/us/app/govee-home/id1395696823
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.