Browse all 3 CVE security advisories affecting Govee. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Govee specializes in smart LED lighting and IoT devices for home and commercial environments. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from inadequate input validation and weak authentication mechanisms. The company has addressed multiple CVEs, including issues allowing unauthorized device access and control. While no major public security incidents have been widely reported, the consistent appearance of similar vulnerability classes across their product line suggests ongoing challenges in secure development practices. Users should implement network segmentation and regular firmware updates to mitigate potential risks associated with these devices.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-10910 | Gaining remote control over Govee devices | H6056 | CWE-639 | 9.8 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2023-4617 | Gaining remote control over Govee devices | Govee Home | CWE-863 | 10.0 | Critical | 2024-12-19 |
| CVE-2023-3612 | Unprotected WebView access in Govee Home App | Govee Home | CWE-749 | 8.2 | High | 2023-09-11 |
This page lists every published CVE security advisory associated with Govee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.