Lucene search
+L

75 matches found

vulnrichment
vulnrichment
added 2025/09/10 8:50 a.m.3 views

CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS6.3AI score0.00256EPSS
Exploits0References2
cve
cve
added 2025/09/10 8:50 a.m.18 views

CVE-2025-36756

The CVE-2025-36756 entry describes a missing-authorization vulnerability in the SolaX Cloud platform that could allow takeover of a known-serial-number SolaX solar inverter. Affected component is the SolaX Cloud platform beneath the inverter management flow; root cause is insufficient access cont...

5.8CVSS6.4AI score0.00256EPSS
Exploits0References2
cvelist
cvelist
added 2025/09/10 8:50 a.m.10 views

CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS0.00256EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/10 12:0 a.m.6 views

PT-2025-37029

Name of the Vulnerable Software and Affected Versions: SolaX Cloud affected versions not specified Description: It is possible to bypass the administrator login screen. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. Recommendations: At...

6.3CVSS6.3AI score0.00314EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/09/10 12:0 a.m.6 views

SolaX Cloud 安全漏洞

SolaX Cloud is a photovoltaic monitoring and management platform from the Chinese company SolaX. A security vulnerability exists in SolaX Cloud that stems from a lack of authorization and could lead to the takeover of a solar inverter...

5.8CVSS6.7AI score0.00256EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/09/10 12:0 a.m.4 views

SolaX Cloud 安全漏洞

SolaX Cloud is a PV monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud that stems from an administrator login screen bypass that could result in limited system access...

6.3CVSS6.7AI score0.00314EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/10 12:0 a.m.4 views

PT-2025-37028

Name of the Vulnerable Software and Affected Versions: SolaX Cloud platform affected versions not specified Description: A missing authorization issue exists on the SolaX Cloud platform. This allows unauthorized access and potential takeover of SolaX solar panel inverters when the serial number i...

5.8CVSS6.3AI score0.00256EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/09/10 12:0 a.m.6 views

PT-2025-37031

Name of the Vulnerable Software and Affected Versions: SolaX Cloud versions prior to 27-06-2025 Description: SolaX Cloud leaks sensitive information, such as user email addresses and phone numbers, by suggesting similar user accounts when user names are provided. This information disclosure poses...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/09/10 12:0 a.m.5 views

SolaX Cloud 安全漏洞

SolaX Cloud is a photovoltaic monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud, which stems from the username suggestion feature leaking sensitive information...

8.7CVSS6.7AI score0.00312EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/09/10 12:0 a.m.4 views

SolaX Cloud 安全漏洞

SolaX Cloud is a PV monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud that stems from a bypass of the Forgot Password feature, which could lead to an authentication attempt limit bypass...

6.3CVSS6.9AI score0.00475EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/10 12:0 a.m.6 views

PT-2025-37030

Name of the Vulnerable Software and Affected Versions: SolaX Cloud affected versions not specified Description: It is possible to bypass the clipping level of authentication attempts through the 'Forgot Password' functionality, acting as an oracle. Recommendations: At the moment, there is no...

6.3CVSS6.5AI score0.00475EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 4:37 a.m.10 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8CVSS7.4AI score0.00508EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:36 a.m.8 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.5CVSS6.8AI score0.00317EPSS
Exploits0
osv
osv
added 2024/01/23 11:15 p.m.6 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
nvd
nvd
added 2024/01/23 11:15 p.m.19 views

CVE-2023-35836

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References4
nvd
nvd
added 2024/01/23 11:15 p.m.19 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

9.8CVSS9.7AI score0.00976EPSS
Exploits0References4
osv
osv
added 2024/01/23 11:15 p.m.6 views

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

9.8CVSS5.9AI score0.00976EPSS
Exploits0References4
osv
osv
added 2024/01/23 11:15 p.m.5 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References4
nvd
nvd
added 2024/01/23 11:15 p.m.28 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8CVSS9.7AI score0.00508EPSS
Exploits0References4
prion
prion
added 2024/01/23 11:15 p.m.16 views

Default credentials

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as...

7.5CVSS7.7AI score0.00976EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder