← Volver a CVEs
CVE-2025-15573
CRITICAL9.4
Descripcion
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
Detalles CVE
Puntuacion CVSS v3.19.4
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/12/2026
Ultima modificacion2/12/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-295
Referencias
https://r.sec-consult.com/solax(551230f0-3615-47bd-b7cc-93e92e730bbf)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.