Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a remote unauthenticated malicious user to change the product settings.