Lucene search

PRIOn knowledge basePRION:CVE-2023-35835

HistoryJan 23, 2024 - 11:15 p.m.

Authentication flaw

2024-01-2323:15:00

PRIOn knowledge base

www.prio-n.com

solax

wifi

authentication

flaw

unencrypted

network

persistent

modbus

interface

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.1%

JSON

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

CPENameOperatorVersion
pocket_wifi_3_firmwarege3.0.0
pocket_wifi_3_firmwarele3.009.03

CPE	Name	Operator	Version
	pocket_wifi_3_firmware	ge	3.0.0
	pocket_wifi_3_firmware	le	3.009.03

References

www.solaxpower.com/downloads/

www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/

yougottahackthat.com/blog/

yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication