CVE-2023-4617
CVSS V2 None
CVSS V3 None
Description
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.
This issue affects Govee Home applications on Android and iOS in versions before 5.9.
Overview
- CVE ID
- CVE-2023-4617
- Assigner
- CERT-PL
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-19T09:39:31.393Z
- Last Modified Date
- 2024-12-19T09:39:31.393Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://cert.pl/en/posts/2024/12/CVE-2023-4617/ | third-party-advisory |
| https://cert.pl/posts/2024/12/CVE-2023-4617/ | third-party-advisory |
| https://play.google.com/store/apps/details?id=com.govee.home | product |
| https://apps.apple.com/us/app/govee-home/id1395696823 | product |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-4617 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4617 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-20 13:00:40 | Added to TrackCVE |