CVE-2026-5667 Overview
CVE-2026-5667 is a hard-coded credentials vulnerability [CWE-798] affecting a broad range of Mitsubishi Electric Wi-Fi-enabled consumer and commercial appliances. The affected products include room air conditioners, wireless LAN adapters, refrigerators, heat pump water heaters, bathroom dryers, Lossnay ventilation systems, IH cooking heaters, and rice cookers sold in Japan and select international markets. An attacker within Wi-Fi radio range can connect to an affected device using a hard-coded Service Set Identifier (SSID) and password. Successful access exposes telemetry such as operation status and room temperature, permits modification of device or Wi-Fi settings, and enables a denial-of-service (DoS) condition on Wi-Fi communications.
Critical Impact
Adjacent attackers can authenticate to affected appliances using static built-in credentials, exposing device data, altering configuration, and disrupting Wi-Fi communication.
Affected Products
- Mitsubishi Electric Room Air Conditioners and Wireless LAN Adapters (Japan and outside Japan)
- Mitsubishi Electric Refrigerators, Heat Pump Water Heaters, HEMS-Compatible Adapters, Bathroom Dryer / Heater / Ventilation Systems (Japan)
- Mitsubishi Electric Lossnay Central Ventilation Systems, IH Cooking Heaters, and Rice Cookers (Japan)
Discovery Timeline
- 2026-06-17 - CVE-2026-5667 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2026-5667
Vulnerability Analysis
The weakness stems from the use of static, factory-set Wi-Fi credentials embedded in the firmware of the affected appliances. Because the SSID and password are identical across deployed devices and cannot be rotated by the end user, any attacker within radio range can associate with the device's wireless interface without further authentication. Once associated, the attacker gains a foothold on the appliance's management surface.
From this position, the attacker can read operational telemetry including current operation state, set temperature, and ambient room temperature. The attacker can also write configuration changes to the appliance, such as modifying air-conditioner settings or replacing the Wi-Fi configuration. Repeated association or malformed traffic can drive the Wi-Fi interface into a DoS state, breaking legitimate remote control.
Root Cause
The root cause is the inclusion of hard-coded credentials [CWE-798] in the device firmware. The credentials are not unique per unit and are not derived from user-controlled secrets, which violates standard credential management principles for networked products.
Attack Vector
Exploitation requires adjacency to the target's Wi-Fi radio range. No prior authentication, user interaction, or elevated privileges are required. The attacker discovers the predictable SSID, supplies the known password, and reaches the management interface exposed by the appliance.
No public exploit code or proof-of-concept has been published. Technical details are documented in the JVN Vulnerability Report and the Mitsubishi Electric Security Advisory.
Detection Methods for CVE-2026-5667
Indicators of Compromise
- Unexpected wireless client associations to Mitsubishi appliance SSIDs from devices outside the household or facility owner inventory.
- Unscheduled changes to air-conditioner operation parameters, set temperature values, or Wi-Fi network configuration on affected appliances.
- Sudden loss of Wi-Fi connectivity to a Mitsubishi appliance that previously communicated reliably with its companion mobile application or HEMS controller.
Detection Strategies
- Perform periodic wireless surveys to enumerate appliance SSIDs broadcast on premises and compare against an approved baseline.
- Monitor home or building network gateways for new MAC addresses associating with appliance access points, and alert on unknown clients.
- Correlate appliance event logs and HEMS controller telemetry to identify configuration changes that did not originate from authorized users.
Monitoring Recommendations
- Deploy a wireless intrusion detection sensor in coverage areas where affected appliances operate to capture probe and association activity.
- Review router and access point logs for repeated deauthentication frames or association floods targeting appliance radios.
- Track vendor advisories for additional affected product models and updated firmware availability.
How to Mitigate CVE-2026-5667
Immediate Actions Required
- Apply firmware updates issued by Mitsubishi Electric as listed in the vendor advisory for each affected product family.
- Where firmware updates are not yet available, disable the Wi-Fi function on the appliance until a fix is installed.
- Restrict physical proximity to the appliance by ensuring the Wi-Fi signal does not propagate beyond trusted areas, including parking lots and adjacent units.
Patch Information
Mitsubishi Electric has published remediation guidance and firmware update information in the Mitsubishi Electric Security Advisory. Refer to the JVN Vulnerability Report for coordinated disclosure details and the product-by-product fix schedule.
Workarounds
- Power off the appliance's Wi-Fi adapter when remote control is not in use to remove the exposed radio interface.
- Place affected appliances in environments with minimal external Wi-Fi reachability and avoid mounting them near exterior walls or windows.
- After applying firmware updates, change any configurable network parameters and verify that the previously hard-coded SSID is no longer broadcast.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

