CVE-2023-35835
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://yougottahackthat.com/blog/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://www.solaxpower.com/downloads/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://yougottahackthat.com/blog/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://www.solaxpower.com/downloads/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.