Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unprotected WebView access in Govee Home App
Vulnerability Description
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
Govee Home 安全漏洞
Vulnerability Description
Govee Home是一个应用软件。 Govee Home 存在安全漏洞,该漏洞源于 WebView 组件可由设备上的任何应用打开,通过将 URL 发送到特制网站,攻击者可以在 WebView 上下文中执行 JavaScript,或通过显示网络钓鱼内容窃取敏感用户数据。
CVSS Information
N/A
Vulnerability Type
N/A