Vulnerabilities > CVE-2023-35836 - Unspecified vulnerability in Solax Pocket Wifi 3 Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

solax

NVD

Published: 2024-01-23

Updated: 2024-01-31

Summary

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

Vulnerable Configurations

Part	Description	Count
OS	Solax Solax Pocket Wifi 3 Firmware *	1
Hardware	Solax Solax Pocket Wifi 3 -	1

References

https://yougottahackthat.com/blog/
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
https://www.solaxpower.com/downloads/
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication