Security Advisory

CVE-2023-3612

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-11 09:04:09

Last updated 2024-09-26 14:32:25

Assigner SK-CERT

State PUBLISHED

Description

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

← Browse all CVEs View on cve.org ↗