Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/12/18 11:21 a.m.22 views

CVE-2025-10910 Gaining remote control over Govee devices

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

9.3CVSS0.00358EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 11:21 a.m.18 views

CVE-2025-10910

CVE-2025-10910 describes a binding-flaw in Govee’s cloud platform that allows a remote attacker to bind an existing online Govee device to the attacker’s account, granting full control and removing it from the legitimate owner’s account. The server-side API accepts identifiers (device, sku, type)...

9.3CVSS6.4AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/19 9:39 a.m.38 views

CVE-2023-4617 Gaining remote control over Govee devices

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10CVSS6.8AI score0.00571EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/19 9:39 a.m.47 views

CVE-2023-4617 Gaining remote control over Govee devices

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10CVSS0.00571EPSS
Exploits0References4
Rows per page
Query Builder