CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23788
https://notcve.org/view.php?id=CVE-2024-23788
14 Feb 2024 — Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. Vulnerabilidad de server-side request forgery en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red envíe una solicitud HTTP (GET) arbitraria desde el pro... • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.4EPSS: 2%CPEs: 2EXPL: 0CVE-2024-23786
https://notcve.org/view.php?id=CVE-2024-23786
14 Feb 2024 — Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. Vulnerabilidad de Cross-Site Scripting en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red ejecute un ... • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23785
https://notcve.org/view.php?id=CVE-2024-23785
14 Feb 2024 — Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. Vulnerabilidad de cross-site request forgery en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante remoto no autenticado cambie la configuración del producto. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23784
https://notcve.org/view.php?id=CVE-2024-23784
14 Feb 2024 — Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. Existe una vulnerabilidad de control de acceso inadecuado en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores, lo que puede permitir a un atacante no autenticado... • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23783
https://notcve.org/view.php?id=CVE-2024-23783
14 Feb 2024 — Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. Vulnerabilidad de autenticación incorrecta en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red acceda al producto afectado sin autenticación. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-306: Missing Authentication for Critical Function •