CVE-2026-21660

CRITICAL

Frick Controls Quantum HD <10.22 - Info Disclosure

Title source: llm

Description

Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0004
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-256 CWE-522
Status published

Affected Products (1)

johnsoncontrols/frick_controls_quantum_hd_firmware < 10.22

Timeline

Published Feb 27, 2026
Tracked Since Feb 27, 2026