CVE-2024-23788

EUVD-2024-21241
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sharp_corporationenergy_management_controller_with_cloud_services
𝑥
< jh-rvb1_ver.b0.1.9.1
ADP
sharp_corporationenergy_management_controller_with_cloud_services
𝑥
< jh-rv11_ver.b0.1.9.1
ADP
Common Weakness Enumeration
References
https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf
https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf
https://jvn.jp/en/vu/JVNVU94591337/
https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf
https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf
https://jvn.jp/en/vu/JVNVU94591337/