Описание
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до b0.1.9.1 (включая)
Одновременно
cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sharp:jh-rvb1:-:*:*:*:*:*:*:*
Конфигурация 2Версия до b0.1.9.1 (включая)
Одновременно
cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sharp:jh-rv11:-:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00309
Низкий
8.1 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 9.1
github
больше 1 года назад
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
EPSS
Процентиль: 54%
0.00309
Низкий
8.1 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918