← Zuruck zu CVEs

CVE-2023-35835

CRITICAL

9.8

Beschreibung

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/23/2024

Zuletzt geandert5/30/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

solax:pocket_wifi_3solax:pocket_wifi_3_firmware

Referenzen

https://www.solaxpower.com/downloads/(cve@mitre.org)

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/(cve@mitre.org)

https://yougottahackthat.com/blog/(cve@mitre.org)

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication(cve@mitre.org)

https://www.solaxpower.com/downloads/(af854a3a-2127-422b-91ae-364da2661108)

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/(af854a3a-2127-422b-91ae-364da2661108)

https://yougottahackthat.com/blog/(af854a3a-2127-422b-91ae-364da2661108)

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.