Vulnerabilities > CVE-2023-35835 - Unspecified vulnerability in Solax Pocket Wifi 3 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

solax

critical

NVD

Published: 2024-01-23

Updated: 2024-02-06

Summary

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

Vulnerable Configurations

Part	Description	Count
OS	Solax Solax Pocket Wifi 3 Firmware *	1
Hardware	Solax Solax Pocket Wifi 3 -	1

References

https://yougottahackthat.com/blog/
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
https://www.solaxpower.com/downloads/
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication