Vulnerabilities > Sharp > JH Rvb1 Firmware

DATE | CVE | VULNERABILITY TITLE | RISK

2024-02-14 | CVE-2024-23783 | Missing Authentication for Critical Function vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | 8.8
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.
low complexity, sharp, CWE-306

2024-02-14 | CVE-2024-23784 | Unspecified vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | 6.5
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
low complexity, sharp

2024-02-14 | CVE-2024-23785 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | 6.5
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
network, low complexity, sharp, CWE-352

2024-02-14 | CVE-2024-23786 | Cross-site Scripting vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | critical 9.3
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
network, low complexity, sharp, CWE-79

2024-02-14 | CVE-2024-23787 | Path Traversal vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | 6.5
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
low complexity, sharp, CWE-22

2024-02-14 | CVE-2024-23788 | Server-Side Request Forgery (SSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | 8.1
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
low complexity, sharp, CWE-918