Описание
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.8.01 (исключая)Версия до 5.8.01 (исключая)
Одно из
cpe:2.3:a:govee:home:*:*:*:*:*:android:*:*
cpe:2.3:a:govee:home:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
8.2 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-749
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.2
github
больше 2 лет назад
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
EPSS
Процентиль: 22%
0.00071
Низкий
8.2 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-749
NVD-CWE-noinfo