Filtered by vendor Sharp Subscriptions
Filtered by product Jh-rv11 Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23788 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-12-13 8.1 High
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
CVE-2024-23787 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-11-25 6.5 Medium
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
CVE-2024-23786 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-11-21 9.3 Critical
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
CVE-2024-23785 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-11-21 6.1 Medium
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
CVE-2024-23784 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-11-21 6.5 Medium
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
CVE-2024-23783 1 Sharp 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more 2024-11-21 8.8 High
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.