Critical severity10.0NVD Advisory· Published Dec 19, 2024· Updated Apr 15, 2026

CVE-2023-4617

Description

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

apps.apple.com/us/app/govee-home/id1395696823nvd
cert.pl/en/posts/2024/12/CVE-2023-4617/nvd
cert.pl/posts/2024/12/CVE-2023-4617/nvd
play.google.com/store/apps/detailsnvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000