CVE-2022-40269
Description
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote unauthenticated attacker can disclose sensitive browser data or spoof legitimate users via improper HTML attributes in Mitsubishi Electric GOT2000 and GT SoftGOT2000 GOT Mobile functionality.
Vulnerability
An authentication bypass by spoofing vulnerability (CWE-290) exists in the GOT Mobile function of Mitsubishi Electric GOT2000 Series GT27 and GT25 models (versions 01.14.000 to 01.47.000) and GT SoftGOT2000 (versions 1.265B to 1.285X). The flaw arises from inappropriate control of HTML attributes, allowing an attacker to craft a malicious page that mimics the legitimate GOT Mobile interface [1].
Exploitation
A remote unauthenticated attacker can exploit this weakness by luring a user who has the GOT Mobile function enabled to visit a specially crafted web page. The attacker does not need prior network access to the GOT device; instead, they abuse improper HTML attribute handling to execute a spoofing attack [1].
Impact
Successful exploitation can lead to disclosure of sensitive information from the victim's web browser (such as cookies or session tokens) and impersonation of legitimate users, enabling further unauthorized actions within the GOT Mobile environment [1].
Mitigation
Mitsubishi Electric has released updated firmware for the affected products; users should upgrade to the latest versions specified in the vendor advisory. For GOT2000 Series, versions after 01.47.000 are fixed; GT SoftGOT2000 users should update to a version later than 1.285X. Refer to vendor documentation for version confirmation and update procedures [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (5)
01.14.000 to 01.47.000
- (no CPE) range: 01.14.000 to 01.47.000
- (no CPE) range: 01.14.000 to 01.47.000
- (no CPE) range: 01.14.000 to 01.47.000
1.265B to 1.285X
- (no CPE) range: 1.265B to 1.285X
- (no CPE) range: 1.265B to 1.285X
Patches
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.