CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

CVE-2025-15575

The CVE-2025-15575 issue affects Solax Power Pocket WiFi. The firmware update functionality does not verify the authenticity of supplied firmware update files and lacks cryptographic checks (e.g., digital signatures). ESP32 security features such as secure boot are not used. Root cause: no authen...

PT-2026-7837

Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi affected versions not specified Description The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the...

CVE-2025-65829

The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...

PT-2025-50537

Name of the Vulnerable Software and Affected Versions Meatmeet basestation devices with ESP32 system on a chip affected versions not specified Description The ESP32 system on a chip used in Meatmeet basestation devices lacks Secure Boot functionality. Secure Boot verifies the authenticity of...