CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

🗓️ 12 Feb 2026 10:58:29Reported by SEC-VLabType

Solax Pocket WiFi MQTT uses 10-char registration as username and XOR-derived password, enabling impersonation.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2025-15574	12 Feb 202610:58	–	attackerkb
CNNVD	SolaX Power Pocket 安全漏洞	12 Feb 202600:00	–	cnnvd
CVE	CVE-2025-15574	12 Feb 202610:58	–	cve
NVD	CVE-2025-15574	12 Feb 202611:15	–	nvd
Positive Technologies	PT-2026-7836	12 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15574	13 Feb 202613:22	–	redhatcve
Vulnrichment	CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection	12 Feb 202610:58	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi 3.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<3.022.03"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+LAN",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<1.009.02"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+4GM",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<1.005.05"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi+LAN 2.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<006.06"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Pocket WiFi 4.0",
    "vendor": "SolaX Power",
    "versions": [
      {
        "status": "affected",
        "version": "<003.03"
      }
    ]
  }
]

Source	Link
r	www.r.sec-consult.com/solax

12 Feb 2026 10:58Current

EPSS0.00177

CWE-330