Johnson Controls Frick Controls Quantum HD Firmware vulnerabilities
6 known vulnerabilities affecting johnsoncontrols/frick_controls_quantum_hd_firmware.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6
Vulnerabilities
CVE-2026-21654 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 10.22 | 2026-02-27
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs. This issu
nvd
CVE-2026-21659 | P2 | CRITICAL | CVSS 9.8 | CWE-23 | ≤ 10.22 | 2026-02-27
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allows an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise.
This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD
nvd
CVE-2026-21658 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | ≤ 10.22 | 2026-02-27
Unauthenticated Remote Code Execution, i.e. Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs. This is
nvd
CVE-2026-21656 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | ≤ 10.22 | 2026-02-27
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs. This issue affects Frick Controls Quantum HD ver
nvd
CVE-2026-21657 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | ≤ 10.22 | 2026-02-27
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs. This issue affects Frick Controls Quantum HD ver
nvd
CVE-2026-21660 | P3 | CRITICAL | CVSS 9.8 | CWE-256 | ≤ 10.22 | 2026-02-27
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior leads to unauthorized access, exposure of sensitive information, and potential misuse or system compromise.
This issue affects Frick Controls Quantum HD version 10.22 and prior.
nvd