CVE-2023-4617

CRITICAL

10.0CVSS v3

—CVSS v2

1.33% EPSS (exploit probability)

CWE-863CWE

Description

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.
This issue affects Govee Home applications on Android and iOS in versions before 5.9.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE