Skip to main content

Room Air Conditioners Outside Japan Msz Bt50Vgk Et2

1 CVEs product

Monthly

CVE-2026-5667 HIGH This Week

Unauthenticated adjacent-network access to a wide range of Mitsubishi Electric Wi-Fi-enabled appliances - including room air conditioners (for Japan and abroad), wireless LAN adapters for room/packaged air conditioners, refrigerators, heat-pump water heaters, bathroom dryer/heater/ventilation units, Lossnay ventilation systems, IH cooking heaters, and rice cookers - is possible via a hard-coded SSID and password embedded in the products' Wi-Fi access-point mode. An attacker within Wi-Fi radio range can read device telemetry (operation status, set/room temperature), alter air-conditioner or Wi-Fi settings, or push the Wi-Fi interface into a denial-of-service state. No public exploit is identified at time of analysis (EPSS 0.15%, percentile 5%; CISA SSVC Exploitation: none) and the issue is not in CISA KEV, but the credentials are static across the product line, making opportunistic abuse trivial once they are leaked or recovered from firmware.

Room Air Conditioners For Japan Msz Bkr2223 W Room Air Conditioners For Japan Msz Bkr2224 W Room Air Conditioners For Japan Msz Bkr2523 W Room Air Conditioners For Japan Msz Bkr2524 W Room Air Conditioners For Japan Msz Bkr2823 W +2476
NVD VulDB
CVSS 4.0
7.2
EPSS
0.2%
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated adjacent-network access to a wide range of Mitsubishi Electric Wi-Fi-enabled appliances - including room air conditioners (for Japan and abroad), wireless LAN adapters for room/packaged air conditioners, refrigerators, heat-pump water heaters, bathroom dryer/heater/ventilation units, Lossnay ventilation systems, IH cooking heaters, and rice cookers - is possible via a hard-coded SSID and password embedded in the products' Wi-Fi access-point mode. An attacker within Wi-Fi radio range can read device telemetry (operation status, set/room temperature), alter air-conditioner or Wi-Fi settings, or push the Wi-Fi interface into a denial-of-service state. No public exploit is identified at time of analysis (EPSS 0.15%, percentile 5%; CISA SSVC Exploitation: none) and the issue is not in CISA KEV, but the credentials are static across the product line, making opportunistic abuse trivial once they are leaked or recovered from firmware.

Room Air Conditioners For Japan Msz Bkr2223 W Room Air Conditioners For Japan Msz Bkr2224 W Room Air Conditioners For Japan Msz Bkr2523 W +2478
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy