Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for jh-rvb1_firmware by sharp
CVE-2024-23789 (GCVE-0-2024-23789)
Vulnerability from nvd – Published: 2024-02-14 10:35 – Updated: 2024-08-14 19:04
VLAI?
Summary
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
Severity ?
9.8 (Critical)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rvb1\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rvb1\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rv11\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rv11\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:00:07.763303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:04:41.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:35:11.140Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23789",
"datePublished": "2024-02-14T10:35:11.140Z",
"dateReserved": "2024-01-22T09:56:37.456Z",
"dateUpdated": "2024-08-14T19:04:41.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23788 (GCVE-0-2024-23788)
Vulnerability from nvd – Published: 2024-02-14 10:10 – Updated: 2025-03-19 13:44
VLAI?
Summary
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
Severity ?
9.1 (Critical)
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services",
"vendor": "sharp_corporation",
"versions": [
{
"lessThan": "jh-rvb1_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "jh-rv11_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T16:01:51.500071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T13:44:59.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:10:41.448Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23788",
"datePublished": "2024-02-14T10:10:41.448Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2025-03-19T13:44:59.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23787 (GCVE-0-2024-23787)
Vulnerability from nvd – Published: 2024-02-14 10:09 – Updated: 2024-08-13 13:45
VLAI?
Summary
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
Severity ?
7.5 (High)
CWE
- Path traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "jh-rvb1_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "jh-rv11_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:44:39.669029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:45:10.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:09:45.961Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23787",
"datePublished": "2024-02-14T10:09:45.961Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2024-08-13T13:45:10.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23786 (GCVE-0-2024-23786)
Vulnerability from nvd – Published: 2024-02-14 10:08 – Updated: 2025-03-18 13:46
VLAI?
Summary
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
Severity ?
9.3 (Critical)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:46:28.975570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:46:50.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:08:32.703Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23786",
"datePublished": "2024-02-14T10:08:32.703Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2025-03-18T13:46:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23785 (GCVE-0-2024-23785)
Vulnerability from nvd – Published: 2024-02-14 10:07 – Updated: 2024-10-27 13:26
VLAI?
Summary
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
Severity ?
6.1 (Medium)
CWE
- Cross-site request forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:08:52.223299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T13:26:42.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:07:11.603Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23785",
"datePublished": "2024-02-14T10:07:11.603Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2024-10-27T13:26:42.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23784 (GCVE-0-2024-23784)
Vulnerability from nvd – Published: 2024-02-14 10:05 – Updated: 2025-03-25 16:30
VLAI?
Summary
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
Severity ?
6.5 (Medium)
CWE
- Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T12:40:30.854736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:30:47.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:05:55.231Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23784",
"datePublished": "2024-02-14T10:05:55.231Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2025-03-25T16:30:47.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23783 (GCVE-0-2024-23783)
Vulnerability from nvd – Published: 2024-02-14 10:02 – Updated: 2025-03-25 16:30
VLAI?
Summary
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.
Severity ?
8.8 (High)
CWE
- Improper authentication
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:11:37.699842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:30:44.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:02:32.489Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23783",
"datePublished": "2024-02-14T10:02:32.489Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2025-03-25T16:30:44.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23789 (GCVE-0-2024-23789)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:35 – Updated: 2024-08-14 19:04
VLAI?
Summary
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
Severity ?
9.8 (Critical)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rvb1\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rvb1\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rv11\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rv11\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:00:07.763303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:04:41.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:35:11.140Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23789",
"datePublished": "2024-02-14T10:35:11.140Z",
"dateReserved": "2024-01-22T09:56:37.456Z",
"dateUpdated": "2024-08-14T19:04:41.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23788 (GCVE-0-2024-23788)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:10 – Updated: 2025-03-19 13:44
VLAI?
Summary
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
Severity ?
9.1 (Critical)
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services",
"vendor": "sharp_corporation",
"versions": [
{
"lessThan": "jh-rvb1_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "jh-rv11_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T16:01:51.500071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T13:44:59.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:10:41.448Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23788",
"datePublished": "2024-02-14T10:10:41.448Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2025-03-19T13:44:59.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23787 (GCVE-0-2024-23787)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:09 – Updated: 2024-08-13 13:45
VLAI?
Summary
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
Severity ?
7.5 (High)
CWE
- Path traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "jh-rvb1_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "jh-rv11_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:44:39.669029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:45:10.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:09:45.961Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23787",
"datePublished": "2024-02-14T10:09:45.961Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2024-08-13T13:45:10.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23786 (GCVE-0-2024-23786)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:08 – Updated: 2025-03-18 13:46
VLAI?
Summary
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
Severity ?
9.3 (Critical)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:46:28.975570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:46:50.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:08:32.703Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23786",
"datePublished": "2024-02-14T10:08:32.703Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2025-03-18T13:46:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23785 (GCVE-0-2024-23785)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:07 – Updated: 2024-10-27 13:26
VLAI?
Summary
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
Severity ?
6.1 (Medium)
CWE
- Cross-site request forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:08:52.223299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T13:26:42.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:07:11.603Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23785",
"datePublished": "2024-02-14T10:07:11.603Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2024-10-27T13:26:42.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23784 (GCVE-0-2024-23784)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:05 – Updated: 2025-03-25 16:30
VLAI?
Summary
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
Severity ?
6.5 (Medium)
CWE
- Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T12:40:30.854736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:30:47.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:05:55.231Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23784",
"datePublished": "2024-02-14T10:05:55.231Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2025-03-25T16:30:47.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23783 (GCVE-0-2024-23783)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:02 – Updated: 2025-03-25 16:30
VLAI?
Summary
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.
Severity ?
8.8 (High)
CWE
- Improper authentication
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:11:37.699842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:30:44.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:02:32.489Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23783",
"datePublished": "2024-02-14T10:02:32.489Z",
"dateReserved": "2024-01-22T09:56:37.454Z",
"dateUpdated": "2025-03-25T16:30:44.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}