Lucene search
K

23 matches found

Vulnrichment
Vulnrichment
added 2026/02/12 10:58 a.m.5 views

CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...

5.7AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/12 10:51 a.m.26 views

CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

0.00123EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/12 10:39 a.m.31 views

CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud mqtt001.solaxcloud.com, TCP 8883. This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/12 10:39 a.m.5 views

CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud mqtt001.solaxcloud.com, TCP 8883. This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

5.8AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/02/12 10:39 a.m.13 views

CVE-2025-15573

CVE-2025-15573 affects SolaX Power Pocket devices. The issue arises because the devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server (mqtt001.solaxcloud.com:8883), enabling a man-in-the-middle attacker to impersonate the legitimate MQTT server and issue a...

9.4CVSS5.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-39831

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-39832

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00976EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.9 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8CVSS7.4AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.8 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.5CVSS6.8AI score0.00317EPSS
Exploits0
OSV
OSV
added 2024/01/23 11:15 p.m.6 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 2024/01/23 11:15 p.m.6 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

9.8CVSS5.9AI score0.00976EPSS
Exploits0References4
NVD
NVD
added 2024/01/23 11:15 p.m.16 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

9.8CVSS9.7AI score0.00976EPSS
Exploits0References4
OSV
OSV
added 2024/01/23 11:15 p.m.5 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References4
Prion
Prion
added 2024/01/23 11:15 p.m.15 views

Default credentials

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

7.5CVSS7.7AI score0.00976EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.5 views

SolaX Pocket WiFi Security Vulnerability

SolaX Power SolaX Pocket WiFi is a portable WiFi from SolaX Power. A security vulnerability exists in SolaX Pocket WiFi version 3 through 3.001.02, which stems from a WiFi network that provides a web-based configuration utility and an unauthenticated ModBus protocol interface...

9.8CVSS7AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.6 views

PT-2024-12512 · Solax · Solax Pocket Wifi

Name of the Vulnerable Software and Affected Versions: SolaX Pocket WiFi versions 3 through 3.001.02 Description: An issue was discovered where the device provides a WiFi access point with no network authentication, such as an encryption key, and this network persists permanently. The WiFi networ...

9.8CVSS9.3AI score0.00508EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/23 12:0 a.m.5 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

7.7AI score0.00976EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/23 12:0 a.m.10 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.8AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/23 12:0 a.m.28 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.6AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/23 12:0 a.m.21 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

9.9AI score0.00976EPSS
Exploits0References4
Rows per page
Query Builder