PT-2024-20084 · Unknown · Energy Management Controller With Cloud Services
Shoji Baba
·
Published
2024-01-31
·
Updated
2024-10-27
·
CVE-2024-23785
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 versions B0.1.9.1 and earlier
Description
A cross-site request forgery issue allows a remote unauthenticated attacker to change the product settings.
Recommendations
For versions B0.1.9.1 and earlier, update to a version later than B0.1.9.1 to resolve the issue.
As a temporary workaround, consider restricting access to the Energy Management Controller with Cloud Services to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Energy Management Controller With Cloud Services