CVE-2023-4617

CVSS v3: 10 (CRITICAL)
CVSS v2: N/A
Affected: 1 project

Description

An incorrect authorization vulnerability in the HTTP POST method in the Govee Home application on Android and iOS allows a remote attacker to control devices owned by other users by changing the values of the "device", "sku" and "type" fields. This issue affects Govee Home applications on Android and iOS in versions before 5.9.

Govee Home is an app to help you manage your smart devices.
- Check the status of your device in real time
- Connect new devices in seconds
- Enjoy the artistry & magic of lighting effects
- Get a first look at new tech and share your ideas
- Fast and efficient customer service

[HealthKit]
- GoveeHome has integrated with HealthKit. You may choose to sync your weight, BMI and body fat percentage data to Apple Health.
- GoveeHome does not obtain or retrieve any data from Apple Health.

Apple App Store