Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: SK-CERT
Published: 2023-09-11T09:04:09.924Z
Updated: 2024-08-02T07:01:57.140Z
Reserved: 2023-07-11T06:15:11.185Z
Link: CVE-2023-3612
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-11T10:15:07.603
Modified: 2023-09-13T17:53:49.923
Link: CVE-2023-3612
Redhat
No data.