Transmission of Sensitive Information in Mitsubishi Electric Consumer Electronics
CVE-2022-33321

9.8CRITICAL

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Photovoltaic Color Monitor Eco-guide Pv-dr006l-set-m; Photovoltaic Color Monitor Eco-guide Pv-dr006l-ifu-gw-m; Photovoltaic Color Monitor Eco-guide Pv-dr006l-ifu-mrc-m; Photovoltaic Color Monitor Eco-guide Pv-dr006l-set-y
Vendor: CVE Published:; 8 November 2022

Summary

A vulnerability exists in several Mitsubishi Electric consumer electronics products due to their reliance on basic authentication for HTTP connections. This flaw allows a remote, unauthenticated attacker to intercept sensitive information, including usernames and passwords, through cleartext transmissions. As a result, attackers can potentially disclose confidential data or induce a denial of service (DoS) condition. The issue affects a variety of products, highlighting the need for improved security measures to safeguard user data against unauthorized access and exploitation.