7 matches found
CVE-2024-23786
CVE-2024-23786 affects the Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11, Ver.B0.1.9.1 and earlier). The vulnerability is a stored cross-site scripting issue that allows a network-adjacent unauthenticated attacker to cause arbitrary script execution in a user’s browser w...
CVE-2024-23787
The SHARP Energy Management Controller with Cloud Services (models JH-RVB1 / JH-RV11) versions B0.1.9.1 and earlier are affected by a path traversal vulnerability that allows a network-adjacent, unauthenticated attacker to obtain arbitrary files outside the web root. Root cause: improper handling...
CVE-2024-23783
CVE-2024-23783 affects Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11) up to Ver.B0.1.9.1. The vulnerability is described as improper authentication allowing a network-adjacent unauthenticated attacker to access the product without authentication. Public sources in the co...
CVE-2024-23784
The CVE-2024-23784 issue affects SHARP Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11) up to Ver.B0.1.9.1, where improper access control could allow a network-adjacent, unauthenticated attacker to view a username and its hashed password on the product’s management page. The SHA...
CVE-2024-23788
CVE-2024-23788 affects Sharp Energy Management Controller with Cloud Services (JH-RV11/B0.1.9.1 and earlier). The issue is a server-side request forgery (SSRF) allowing a network-adjacent, unauthenticated attacker to send arbitrary HTTP GET requests from the affected device. Impact is high for co...
CVE-2024-23789
The CVE-2024-23789 issue affects SHARP Energy Management Controller with Cloud Services (JH-RVB1 / JH-RV11) versions B0.1.9.1 and earlier. Affected component is the OS command execution via a network-adjacent, unauthenticated attacker. The Red Hat/Red team documents corroborate “OS command inject...
CVE-2024-23785
The CVE-2024-23785 entry concerns Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11) affected up to Ver.B0.1.9.1. The vulnerability is a Cross-site Request Forgery (CSRF) that enables a remote unauthenticated attacker to change product settings. Documents from multiple sourc...