ID
VAR-202309-0497
CVE
CVE-2023-3612
DESCRIPTION
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content
Trust: 0.99
sources:
NVD: CVE-2023-3612 //
VULMON: CVE-2023-3612
IOT TAXONOMY
| category: | application | sub_category: | mobile_app | Trust: 0.1 |
sources:
OTHER: CVE-2023-3612
AFFECTED PRODUCTS
| vendor: | govee | model: | home | scope: | lt | version: | 5.8.01 | Trust: 1.1 |
sources:
OTHER: CVE-2023-3612 //
NVD: CVE-2023-3612
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2023-3612 //
NVD: CVE-2023-3612
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
sources:
NVD: CVE-2023-3612
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-3612 | Trust: 1.2 |
| db: | OTHER | id: | CVE-2023-3612 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-3612 | Trust: 0.1 |
sources:
OTHER: CVE-2023-3612 //
VULMON: CVE-2023-3612 //
NVD: CVE-2023-3612
REFERENCES
| url: | https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10 | Trust: 1.0 |
| url: | https://www.sk-cert.sk/sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2023-3612 //
NVD: CVE-2023-3612
SOURCES
| db: | OTHER | id: | CVE-2023-3612 |
| db: | VULMON | id: | CVE-2023-3612 |
| db: | NVD | id: | CVE-2023-3612 |
LAST UPDATE DATE
2023-12-18T13:50:20.275000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-3612 | date: | 2023-09-11T00:00:00 |
| db: | NVD | id: | CVE-2023-3612 | date: | 2023-09-13T17:53:49.923 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-3612 | date: | 2023-09-11T00:00:00 |
| db: | NVD | id: | CVE-2023-3612 | date: | 2023-09-11T10:15:07.603 |