4 matches found
CVE-2025-10910 Gaining remote control over Govee devices
A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...
CVE-2025-10910
CVE-2025-10910 describes a binding-flaw in Govee’s cloud platform that allows a remote attacker to bind an existing online Govee device to the attacker’s account, granting full control and removing it from the legitimate owner’s account. The server-side API accepts identifiers (device, sku, type)...
CVE-2023-4617 Gaining remote control over Govee devices
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2023-4617 Gaining remote control over Govee devices
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...