CVE-2024-23786

9.3 CRITICAL

📋 TL;DR

A cross-site scripting (XSS) vulnerability in Sharp Energy Management Controller with Cloud Services allows network-adjacent unauthenticated attackers to inject malicious scripts into the management web interface. When users access the compromised management page, their browsers execute arbitrary scripts, potentially leading to session hijacking, credential theft, or device takeover. This affects JH-RVB1 and JH-RV11 controllers running firmware version B0.1.9.1 or earlier.

💻 Affected Systems

Products:
  • Sharp Energy Management Controller with Cloud Services JH-RVB1
  • Sharp Energy Management Controller with Cloud Services JH-RV11
Versions: B0.1.9.1 and earlier
Operating Systems: Embedded controller firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability requires network adjacency but no authentication, making it accessible to any device on the same network segment.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the energy management controller, allowing attackers to steal administrator credentials, modify device settings, disrupt energy management operations, and pivot to other network systems.

🟠 Likely Case

Session hijacking leading to unauthorized access to the management interface, configuration changes, and potential data exfiltration from the controller.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent network-adjacent attackers from reaching the management interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network adjacency but no authentication, making exploitation straightforward for attackers on the same network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: B0.1.9.2 or later

Vendor Advisory: https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf

Restart Required: Yes

Instructions:

1. Download firmware update B0.1.9.2 or later from the Sharp support portal.
2. Log into the controller management interface.
3. Navigate to the firmware update section.
4. Upload and apply the new firmware.
5. Reboot the controller as prompted.

🔧 Temporary Workarounds

Network Segmentation

Isolate the energy management controller on a dedicated VLAN with strict access controls to prevent network-adjacent attacks.

Access Control Lists

Implement firewall rules to restrict access to the controller's management interface to authorized IP addresses only.

🧯 If You Can't Patch

  • Isolate the controller on a dedicated network segment with no other devices
  • Implement strict network access controls to limit who can reach the management interface

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the controller's web interface under System Information or Settings. If the version is B0.1.9.1 or earlier, the device is vulnerable.

Check Version:

No CLI command available. Check via web interface at http://[controller-ip]/system-info or similar page.

Verify Fix Applied:

After updating, verify the firmware version shows B0.1.9.2 or later in the management interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to management pages with script tags or JavaScript payloads
  • Multiple failed login attempts followed by successful access from unusual IPs

Network Indicators:

  • HTTP traffic to controller management interface containing suspicious script tags or encoded payloads
  • Unexpected outbound connections from the controller

SIEM Query:

source="controller_logs" AND (http_uri="*<script*" OR http_uri="*javascript:*" OR http_user_agent="*script*" OR http_referer="*script*")
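
The same check applied offline to exported logs, as an added example that is not part of the original advisory or any vendor tooling. It percent-decodes each field before matching, so the "encoded payloads" listed under Network Indicators are caught as well. The field names are taken from the query above; the JSON-lines layout, the `src_ip` field and all sample events are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import unquote_plus

# Field names come from the SIEM query; the JSON-lines layout is an assumption.
FIELDS = ("http_uri", "http_user_agent", "http_referer")
# "<script" and "javascript:" are the markers the query looks for in the URI.
MARKER = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def decode(value, rounds=3):
    """Percent-decode up to `rounds` times so double-encoded markers surface."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fields(event):
    """Names of the fields whose decoded value contains a script marker."""
    return [f for f in FIELDS if MARKER.search(decode(str(event.get(f, ""))))]

def scan(lines):
    """Return (src_ip, matching_fields) for every parseable line that matches."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON
        if not isinstance(event, dict):
            continue
        fields = suspicious_fields(event)
        if fields:
            hits.append((event.get("src_ip", "unknown"), fields))
    return hits

# Constructed sample events (documentation IP range, made-up paths).
SAMPLE = [
    '{"src_ip": "192.0.2.10", "http_uri": "/index.html", "http_referer": "http://192.0.2.5/description.html"}',
    '{"src_ip": "192.0.2.23", "http_uri": "/page?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}',
    '{"src_ip": "192.0.2.31", "http_uri": "/page?q=%253Cscript%253E"}',
    '{"src_ip": "192.0.2.40", "http_uri": "/", "http_referer": "JavaScript:void(0)"}',
    "not a json line",
]

if __name__ == "__main__":
    for src, fields in scan(SAMPLE):
        print(src, fields)
```

The first sample event is benign: its referer contains the substring "script" only inside "description", so requiring the `<script` or `javascript:` marker keeps it out of the results.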
