ID
VAR-202309-0497
CVE
CVE-2023-3612
DESCRIPTION
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content
Trust: 0.99
sources:
NVD: CVE-2023-3612 //
VULMON: CVE-2023-3612
IOT TAXONOMY
| category: | application | sub_category: | mobile_app | Trust: 0.1 |
sources:
OTHER: CVE-2023-3612
AFFECTED PRODUCTS
| vendor: | govee | model: | home | scope: | lt | version: | 5.8.01 | Trust: 0.1 |
sources:
OTHER: CVE-2023-3612
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-3612 | Trust: 1.2 |
| db: | OTHER | id: | CVE-2023-3612 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-3612 | Trust: 0.1 |
sources:
OTHER: CVE-2023-3612 //
VULMON: CVE-2023-3612 //
NVD: CVE-2023-3612
REFERENCES
| url: | https://www.sk-cert.sk/sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10 | Trust: 1.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2023-3612 //
NVD: CVE-2023-3612
SOURCES
| db: | OTHER | id: | CVE-2023-3612 |
| db: | VULMON | id: | CVE-2023-3612 |
| db: | NVD | id: | CVE-2023-3612 |
LAST UPDATE DATE
2023-09-14T23:11:27.218000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-3612 | date: | 2023-09-11T00:00:00 |
| db: | NVD | id: | CVE-2023-3612 | date: | 2023-09-11T12:41:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-3612 | date: | 2023-09-11T00:00:00 |
| db: | NVD | id: | CVE-2023-3612 | date: | 2023-09-11T10:15:00 |