ID

VAR-202412-2559


CVE

CVE-2023-4617


TITLE

Vulnerability in Govee Home mobile application (Android & iOS)

Trust: 0.1

sources: OTHER: CVE-2023-4617

DESCRIPTION

Incorrect authorization vulnerability in the HTTP POST method in the Govee Home application on Android and iOS allows a remote attacker to control devices owned by other users by changing the values of the "device", "sku" and "type" fields. This issue affects Govee Home applications on Android and iOS in versions before 5.9.

Trust: 0.99

sources: NVD: CVE-2023-4617 // OTHER: CVE-2023-4617

IOT TAXONOMY

category: mobile app, sub_category: -

Trust: 0.1

sources: OTHER: CVE-2023-4617

AFFECTED PRODUCTS

vendor: govee, model: home, scope: lt, version: 5.9

Trust: 0.1

sources: OTHER: CVE-2023-4617

CVSS

SEVERITY

CVSSV2

CVSSV3

cvd@cert.pl: CVE-2023-4617
value: CRITICAL

Trust: 1.0

cvd@cert.pl: CVE-2023-4617
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-4617

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

sources: OTHER: CVE-2023-4617 // NVD: CVE-2023-4617

EXTERNAL IDS

db: NVD, id: CVE-2023-4617

Trust: 1.1

db: OTHER, id: CVE-2023-4617

Trust: 0.1

sources: OTHER: CVE-2023-4617 // NVD: CVE-2023-4617

REFERENCES

url:https://cert.pl/en/posts/2024/12/cve-2023-4617/

Trust: 1.1

url:https://play.google.com/store/apps/details?id=com.govee.home

Trust: 1.1

url:https://apps.apple.com/us/app/govee-home/id1395696823

Trust: 1.1

url:https://cert.pl/posts/2024/12/cve-2023-4617/

Trust: 1.1

sources: OTHER: CVE-2023-4617 // NVD: CVE-2023-4617

CREDITS

Jan Adamski and Marek Janiszewski from NASK

Trust: 0.1

sources: OTHER: CVE-2023-4617

SOURCES

db: OTHER, id: CVE-2023-4617
db: NVD, id: CVE-2023-4617

LAST UPDATE DATE

2025-01-10T23:26:53.129000+00:00


SOURCES UPDATE DATE

db: OTHER, id: CVE-2023-4617, date: 2024-12-19T10:15:13.147
db: NVD, id: CVE-2023-4617, date: 2024-12-19T10:15:13.147

SOURCES RELEASE DATE

db: OTHER, id: CVE-2023-4617, date: 2024-12-19T10:15:13.147
db: NVD, id: CVE-2023-4617, date: 2024-12-19T10:15:13.147