Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jh\-Rv11_firmware
(Sharp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-14 | CVE-2024-23788 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 8.1 | ||
| 2024-02-14 | CVE-2024-23783 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 8.8 | ||
| 2024-02-14 | CVE-2024-23784 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 6.5 | ||
| 2024-02-14 | CVE-2024-23785 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 6.5 | ||
| 2024-02-14 | CVE-2024-23786 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 9.3 | ||
| 2024-02-14 | CVE-2024-23787 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | Jh\-Rv11_firmware, Jh\-Rvb1_firmware | 6.5 |