Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Wi-Fi proximity required (AV:A); hard-coded credentials give unauthenticated access with no UI (PR:N/UI:N); full device-data read (C:H), limited setting changes and Wi-Fi DoS (I:L/A:L); no scope change.
Primary rating from Vendor (Mitsubishi).
CVSS VectorVendor: Mitsubishi
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Lifecycle Timeline
1DescriptionCVE.org
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for Japan); Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan); Bathroom Dryer / Heater / Ventilation Systems (for Japan); Adapters for Airflow Ventilation Systems, Heat Pump Chilled / Hot Water Systems, and Ventilation / Air-Conditioning System Air Resorts (for Japan); Lossnay Central Ventilation Systems (for Japan); Smart Switches for Ventilation Fans and Lossnay (for Japan); IH Cooking Heaters (for Japan); and Rice Cookers (for Japan) allows an attacker within Wi-Fi radio range of an affected product to access the affected product using a hard-coded SSID and password, thereby obtaining device data such as operation status, room set temperature, and room temperature; changing the air-conditioner or Wi-Fi settings; or causing Wi-Fi communication to enter a denial-of-service (DoS) condition.
AnalysisAI
Unauthenticated adjacent-network access to a wide range of Mitsubishi Electric Wi-Fi-enabled appliances - including room air conditioners (for Japan and abroad), wireless LAN adapters for room/packaged air conditioners, refrigerators, heat-pump water heaters, bathroom dryer/heater/ventilation units, Lossnay ventilation systems, IH cooking heaters, and rice cookers - is possible via a hard-coded SSID and password embedded in the products' Wi-Fi access-point mode. An attacker within Wi-Fi radio range can read device telemetry (operation status, set/room temperature), alter air-conditioner or Wi-Fi settings, or push the Wi-Fi interface into a denial-of-service state. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must be within Wi-Fi radio range of the target appliance (CVSS AV:A, not AV:N) and the device must be reachable on its wireless interface - typically while the unit is in Wi-Fi setup/AP mode used for initial pairing with the Mitsubishi cloud app, or while running its Wireless LAN adapter (MAC-xxxIF / HM-WFxxx / PAC-WHS01WF-E). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are consistent and point to a moderate, geographically concentrated risk rather than a mass-exploitation event. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sitting in a neighboring apartment, hotel corridor, or building lobby brings a laptop into Wi-Fi range of a target Mitsubishi appliance, connects to its setup-mode SSID using the hard-coded password recovered from firmware analysis or a leak, then queries device telemetry (room temperature, setpoint, operating mode), reconfigures the AC or alters Wi-Fi settings, or floods/locks the radio interface to deny remote-control functionality during a heatwave. No public exploit is identified at time of analysis, but the static credential makes any successful firmware extraction immediately reusable against every same-model unit worldwide. |
| Remediation | Patch availability per vendor advisory (https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-001_en.pdf) - apply the fixed firmware Mitsubishi publishes for your specific model and serial range; representative thresholds in the EUVD listing are firmware 42.00 for room AC models, 51.00 for several outside-Japan models, 01.77 for refrigerators, 01.72 for bathroom dryer/heater/ventilation units, 01.14/01.73 for ventilation adapters, 01.71 for Lossnay central ventilation, 01.74 for smart switches, 01.71 for the IH cooker, and 01.76 for the rice cooker, so any unit at or below those versions requires the vendor update; a meaningful share of listed entries are 'all versions', meaning the only durable fix is the model-specific firmware Mitsubishi releases. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Mitsubishi Electric Wi-Fi appliances and disable Wi-Fi access-point mode where operational requirements permit. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37646