Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Pocket WiFi 3.0

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-15574
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Assigner-SEC Consult Vulnerability Lab
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-12 Feb, 2026 | 10:58
Updated-12 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.

Action-Not Available
Vendor-SolaX Power
Product-Pocket WiFi+LANPocket WiFi 4.0Pocket WiFi+4GMPocket WiFi+LAN 2.0Pocket WiFi 3.0
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2025-15575
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Assigner-SEC Consult Vulnerability Lab
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-12 Feb, 2026 | 10:51
Updated-12 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used.

Action-Not Available
Vendor-SolaX Power
Product-Pocket WiFi+LANPocket WiFi 4.0Pocket WiFi+4GMPocket WiFi+LAN 2.0Pocket WiFi 3.0
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-15573
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Assigner-SEC Consult Vulnerability Lab
CVSS Score-9.4||CRITICAL
EPSS-Not Assigned
Published-12 Feb, 2026 | 10:39
Updated-12 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Action-Not Available
Vendor-SolaX Power
Product-Pocket WiFi+LANPocket WiFi 4.0Pocket WiFi+4GMPocket WiFi+LAN 2.0Pocket WiFi 3.0
CWE ID-CWE-295
Improper Certificate Validation