CVE-2023-35835

Published: Jan 23, 2024Modified: May 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

Affected (1)

Products: Solax: Pocket Wifi 3 Firmware

1 product

Pocket Wifi 3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Solax Pocket Wifi 3 Firmware	From 3.0.0 to 3.009.03_20230504

Running on/with	Platform Versions
Solax Pocket Wifi 3	All versions

References (8)

https://www.solaxpower.com/downloads/

Source: cve@mitre.org

Not Applicable

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/

Source: cve@mitre.org

Not Applicable

https://yougottahackthat.com/blog/

Source: cve@mitre.org

Third Party Advisory

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication

Source: cve@mitre.org

Third Party Advisory

https://www.solaxpower.com/downloads/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://yougottahackthat.com/blog/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.