2 vulnerabilities by solax
CVE-2025-15573 (GCVE-0-2025-15573)
Vulnerability from nvd – Published: 2026-02-12 10:39 – Updated: 2026-02-12 14:48
Title
Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection
Summary
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
Severity
9.4 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://r.sec-consult.com/solax | |
Impacted products
5 products
| Vendor | Product | Version |
|---|---|---|
| SolaX Power | Pocket WiFi 3.0 | Affected: <3.022.03 |
| SolaX Power | Pocket WiFi+LAN | Affected: <1.009.02 |
| SolaX Power | Pocket WiFi+4GM | Affected: <1.005.05 |
| SolaX Power | Pocket WiFi+LAN 2.0 | Affected: <006.06 |
| SolaX Power | Pocket WiFi 4.0 | Affected: <003.03 |
Credits
```json
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 9.4,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-15573",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T14:47:36.281880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T14:48:08.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pocket WiFi 3.0",
          "vendor": "SolaX Power",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c3.022.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pocket WiFi+LAN",
          "vendor": "SolaX Power",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c1.009.02"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pocket WiFi+4GM",
          "vendor": "SolaX Power",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c1.005.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pocket WiFi+LAN 2.0",
          "vendor": "SolaX Power",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c006.06"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pocket WiFi 4.0",
          "vendor": "SolaX Power",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c003.03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T10:58:08.065Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "url": "https://r.sec-consult.com/solax"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer\u0027s Solax Cloud account and using the Pocket firmware upgrade function there.\u003cbr\u003e\u003cbr\u003eAs of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:\u003cbr\u003e1. Pocket WiFi 3.0 \u2013 (3.022.03)\u003cbr\u003e2. Pocket WiFi+LAN \u2013 (1.009.02)\u003cbr\u003e3. Pocket WiFi+4GM \u2013 (1.005.05)\u003cbr\u003e4. Pocket WiFi+LAN 2.0 \u2013 (006.06)\u003cbr\u003e5. Pocket WiFi 4.0 \u2013 (003.03)\u003cbr\u003e\u003cbr\u003eThe vendor provided the following further information regarding EV Charger and Adapter Box:\u003cbr\u003e1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.\u003cbr\u003e2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature.\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides patches for the affected Pocket models which can be obtained throw their customer\u0027s Solax Cloud account and using the Pocket firmware upgrade function there.\n\nAs of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:\n1. Pocket WiFi 3.0 \u2013 (3.022.03)\n2. Pocket WiFi+LAN \u2013 (1.009.02)\n3. Pocket WiFi+4GM \u2013 (1.005.05)\n4. Pocket WiFi+LAN 2.0 \u2013 (006.06)\n5. Pocket WiFi 4.0 \u2013 (003.03)\n\nThe vendor provided the following further information regarding EV Charger and Adapter Box:\n1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.\n2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2025-15573",
    "datePublished": "2026-02-12T10:39:35.796Z",
    "dateReserved": "2026-02-09T09:43:49.723Z",
    "dateUpdated": "2026-02-12T14:48:08.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
```
CVE-2025-15573 (GCVE-0-2025-15573)
Vulnerability from cvelistv5 – Published: 2026-02-12 10:39 – Updated: 2026-02-12 14:48
Title
Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection
Summary
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
Severity
9.4 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://r.sec-consult.com/solax | |
Impacted products
5 products
| Vendor | Product | Version |
|---|---|---|
| SolaX Power | Pocket WiFi 3.0 | Affected: <3.022.03 |
| SolaX Power | Pocket WiFi+LAN | Affected: <1.009.02 |
| SolaX Power | Pocket WiFi+4GM | Affected: <1.005.05 |
| SolaX Power | Pocket WiFi+LAN 2.0 | Affected: <006.06 |
| SolaX Power | Pocket WiFi 4.0 | Affected: <003.03 |