CVE-2022-33321

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric consumer electronics products (affected versions not specified)

Description A Cleartext Transmission of Sensitive Information issue exists due to the use of Basic Authentication for HTTP connections, allowing a remote unauthenticated attacker to disclose information or cause a denial of service (DoS) condition by sniffing credential information, such as username and password. This issue affects a wide range of Mitsubishi Electric consumer electronics products, including PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit, and Air Purifier.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.