Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
Description: CAPEC-94 Adversary in the Middle (AiTM)
Solutions
The vendor provides patches for the affected Pocket models which can be obtained throw their customer's Solax Cloud account and using the Pocket firmware upgrade function there.
As of February 10, 2026, the firmware versions for each affected Pocket model are as follows according to the vendor:
1. Pocket WiFi 3.0 – (3.022.03)
2. Pocket WiFi+LAN – (1.009.02)
3. Pocket WiFi+4GM – (1.005.05)
4. Pocket WiFi+LAN 2.0 – (006.06)
5. Pocket WiFi 4.0 – (003.03)
The vendor provided the following further information regarding EV Charger and Adapter Box:
1. EV Charger: The WiFi module firmware supports digital signature, but only one-way authentication is implemented.
2. Adapter Box: The WiFi module firmware supports two-way authentication and digital signature.