Govee

govee

3 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Led Strip Firmware

led_strip_firmware

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45956 1Govee 1Led Strip Firmware Nov 21, 2024 Oct 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.
CVE-2023-42189 9Eve GoveeNanoleaf+6 more 9Eve Door And Window Firmware Hub2 FirmwareHue Bridge Firmware+6 more Nov 21, 2024 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030...Show more Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.Show less
CVE-2023-3612 1Govee 1Home Nov 21, 2024 Sep 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal s...Show more Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. Show less