Hard-Coded Credentials Vulnerability in Mitsubishi Electric Room Air Conditioners and Related Products
CVE-2026-5667
Key Information:
What is CVE-2026-5667?
A vulnerability exists within various Mitsubishi Electric products, allowing an attacker within Wi-Fi range to exploit hard-coded credentials. This access enables unauthorized retrieval of operation statuses, room temperature settings, and modification of configuration settings. Furthermore, attackers can disrupt Wi-Fi communications, leading to potential denial-of-service conditions, thereby compromising the functional integrity of the affected devices.
Affected Version(s)
Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) HM-01A-EX 01.14 and prior
Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-01HMA 01.14 and prior
Adapters for Airflow Ventilation Systems, Heat Pump Chilled/Hot Water Systems, and Ventilation/Air-Conditioning System Air Resorts (for Japan) P-HM02WA 01.14 and prior