CVE-2023-4617

Published: Dic 19, 2024 Last Modified: Dic 19, 2024 EU-VD ID: EUVD-2023-54470 Aliases: GSD-2023-4617

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 10,0

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: low

Integrity: high

Availability: high

Description

AI Translation Available

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing 'device', 'sku' and 'type' fields' values.
This issue affects Govee Home applications on Android and iOS in versions before 5.9.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0054

Percentile

0,7th

Updated

EPSS Score Trend (Last 90 Days)

863

Incorrect Authorization

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Availability

Potential Impacts:

Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)