CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2024-23789
https://notcve.org/view.php?id=CVE-2024-23789
14 Feb 2024 — Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red ejecute un comando arbitrario del sistema operativo en el producto afectado. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23788
https://notcve.org/view.php?id=CVE-2024-23788
14 Feb 2024 — Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. Vulnerabilidad de server-side request forgery en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red envíe una solicitud HTTP (GET) arbitraria desde el pro... • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23785
https://notcve.org/view.php?id=CVE-2024-23785
14 Feb 2024 — Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. Vulnerabilidad de cross-site request forgery en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante remoto no autenticado cambie la configuración del producto. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •