CVE-2022-33321 Information

Description

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE HEMS adapter Wi-Fi Interface Air Conditioning Induction hob Mitsubishi Electric HEMS Energy Measurement Unit Refrigerator Remote control with Wi-Fi Interface BATHROOM THERMO VENTILATOR Rice cooker Mitsubishi Electric HEMS control adapter Energy Recovery Ventilator Smart Switch Ventilating Fan Range hood fan Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions see the Mitsubishi Electric’s advisory which is listed in [References] section.

Reference

https://jvn.jp/vu/JVNVU96767562/index.html https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf