Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2024-23788

CVE-2024-23788

8.1

High

Published:14 Feb 2024

Last updated:17 Jun 2026

Source:vultures@jpcert.or.jp

Modified

Weakness (CWE)

CWE-918Server-Side Request Forgery (SSRF)

CVSS Vector

v3.1

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.

References

vultures@jpcert.or.jp

https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf

vultures@jpcert.or.jp

https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf

vultures@jpcert.or.jp

https://jvn.jp/en/vu/JVNVU94591337/

af854a3a-2127-422b-91ae-364da2661108

https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf

af854a3a-2127-422b-91ae-364da2661108

https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf

af854a3a-2127-422b-91ae-364da2661108

https://jvn.jp/en/vu/JVNVU94591337/