CVE-2024-23789

The CVE-2024-23789 issue affects SHARP Energy Management Controller with Cloud Services (JH-RVB1 / JH-RV11) versions B0.1.9.1 and earlier. Affected component is the OS command execution via a network-adjacent, unauthenticated attacker. The Red Hat/Red team documents corroborate “OS command inject...

CVE-2024-23789

Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product...

CVE-2024-23786

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected...

CVE-2024-23787

Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product...

CVE-2024-23788

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request GET from the affected product...

Authentication flaw

Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication...

Server side request forgery (ssrf)

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request GET from the affected product...

CVE-2024-23788

CVE-2024-23788 affects Sharp Energy Management Controller with Cloud Services (JH-RV11/B0.1.9.1 and earlier). The issue is a server-side request forgery (SSRF) allowing a network-adjacent, unauthenticated attacker to send arbitrary HTTP GET requests from the affected device. Impact is high for co...

CVE-2024-23787

The SHARP Energy Management Controller with Cloud Services (models JH-RVB1 / JH-RV11) versions B0.1.9.1 and earlier are affected by a path traversal vulnerability that allows a network-adjacent, unauthenticated attacker to obtain arbitrary files outside the web root. Root cause: improper handling...

CVE-2024-23786

CVE-2024-23786 affects the Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11, Ver.B0.1.9.1 and earlier). The vulnerability is a stored cross-site scripting issue that allows a network-adjacent unauthenticated attacker to cause arbitrary script execution in a user’s browser w...

CVE-2024-23786

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected...

CVE-2024-23785

The CVE-2024-23785 entry concerns Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11) affected up to Ver.B0.1.9.1. The vulnerability is a Cross-site Request Forgery (CSRF) that enables a remote unauthenticated attacker to change product settings. Documents from multiple sourc...

CVE-2024-23785

Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings...

CVE-2024-23783

Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication...