CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app onthe device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView orsteal sensitive user data by displaying phishing content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
SK-CERTCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Common Weakness Enumeration
References
https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10
https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10