Vulnerabilities > Sharp > JH Rv11 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2024-23783 | Missing Authentication for Critical Function vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | 8.8 |
2024-02-14 | CVE-2024-23784 | Unspecified vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. low complexity sharp | 6.5 |
2024-02-14 | CVE-2024-23785 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | 6.5 |
2024-02-14 | CVE-2024-23786 | Cross-site Scripting vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | 9.3 |
2024-02-14 | CVE-2024-23787 | Path Traversal vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | 6.5 |
2024-02-14 | CVE-2024-23788 | Server-Side Request Forgery (SSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | 8.1 |