SecuriTricks - CVE-2026-5667

Description

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for Japan); Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan); Bathroom Dryer / Heater / Ventilation Systems (for Japan); Adapters for Airflow Ventilation Systems, Heat Pump Chilled / Hot Water Systems, and Ventilation / Air-Conditioning System Air Resorts (for Japan); Lossnay Central Ventilation Systems (for Japan); Smart Switches for Ventilation Fans and Lossnay (for Japan); IH Cooking Heaters (for Japan); and Rice Cookers (for Japan) allows an attacker within Wi-Fi radio range of an affected product to access the affected product using a hard-coded SSID and password, thereby obtaining device data such as operation status, room set temperature, and room temperature; changing the air-conditioner or Wi-Fi settings; or causing Wi-Fi communication to enter a denial-of-service (DoS) condition.

Product(s) Impacted

Vendor	Product	Versions
Mitsubishi Electric	Room Air Conditioner Wlan Adapter Room Air Conditioner Wlan Adapter Packaged Air Conditioner Refrigerator Heat Pump Water Heater Hems Compatible Adapter Wlan Adapter Heat Pump Water Heater Bathroom Dryer Heater Ventilation Systems Adapter Airflow Ventilation Systems Heat Pump Chilled Hot Water Systems Ventilation Air Conditioning Systems Lossnay Central Ventilation Systems Smart Switch Ventilation Ih Cooking Heater Rice Cooker	* * * * * * * * * * * * * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mitsubishi_electric	room_air_conditioner	/	/	/	/	/	/	/	/
a	mitsubishi_electric	wlan_adapter_room_air_conditioner	/	/	/	/	/	/	/	/
a	mitsubishi_electric	wlan_adapter_packaged_air_conditioner	/	/	/	/	/	/	/	/
a	mitsubishi_electric	refrigerator	/	/	/	/	/	/	/	/
a	mitsubishi_electric	heat_pump_water_heater	/	/	/	/	/	/	/	/
a	mitsubishi_electric	hems_compatible_adapter	/	/	/	/	/	/	/	/
a	mitsubishi_electric	wlan_adapter_heat_pump_water_heater	/	/	/	/	/	/	/	/
a	mitsubishi_electric	bathroom_dryer_heater_ventilation_systems	/	/	/	/	/	/	/	/
a	mitsubishi_electric	adapter_airflow_ventilation_systems	/	/	/	/	/	/	/	/
a	mitsubishi_electric	heat_pump_chilled_hot_water_systems	/	/	/	/	/	/	/	/
a	mitsubishi_electric	ventilation_air_conditioning_systems	/	/	/	/	/	/	/	/
a	mitsubishi_electric	lossnay_central_ventilation_systems	/	/	/	/	/	/	/	/
a	mitsubishi_electric	smart_switch_ventilation	/	/	/	/	/	/	/	/
a	mitsubishi_electric	ih_cooking_heater	/	/	/	/	/	/	/	/
a	mitsubishi_electric	rice_cooker	/	/	/	/	/	/	/	/

References

https://jvn.jp/vu/JVNVU99620284/

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-001_en.pdf

CVSS Score

7.2 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: June 17, 2026, 1:20 p.m.
Last Modified: June 17, 2026, 4:21 p.m.

Status : Deferred

When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.

More info

Source

[email protected]

CVE-2026-5667