Vulnerability Details CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 8.2
References