Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gaining remote control over Govee devices
Vulnerability Description
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Govee Home 安全漏洞
Vulnerability Description
Govee Home是Govee公司的一个应用软件。 Govee Home存在安全漏洞,该漏洞源于应用程序中HTTP POST方法存在授权错误漏洞,允许远程攻击者通过更改device、sku和type字段的值来控制其他用户拥有的设备。
CVSS Information
N/A
Vulnerability Type
N/A