CVE-2023-3612

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-749
View all →

Vulnerability Description

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

Related Vulnerabilities

CVE-2019-10918

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with ...

CWE-7492019

CVE-2020-17388

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, ...

CWE-7492020

CVE-2021-34996

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the ex...

CWE-7492021

CVE-2023-51584

HIGH
CVSS:8.8(High)

Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492023

CVE-2024-5298

HIGH
CVSS:8.8(High)

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492024

CVE-2024-5299

HIGH
CVSS:8.8(High)

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D...

CWE-7492024