Vulnerability Description
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solax | Pocket Wifi 3 Firmware | >= 3.0.0, <= 3.009.03_20230504 |
| Solax | Pocket Wifi 3 | - |
References
- https://www.solaxpower.com/downloads/Not Applicable
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/Not Applicable
- https://yougottahackthat.com/blog/Third Party Advisory
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-auThird Party Advisory
- https://www.solaxpower.com/downloads/Not Applicable
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/Not Applicable
- https://yougottahackthat.com/blog/Third Party Advisory
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-auThird Party Advisory
FAQ
What is CVE-2023-35835?
CVE-2023-35835 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an ...
How severe is CVE-2023-35835?
CVE-2023-35835 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35835?
Check the references section above for vendor advisories and patch information. Affected products include: Solax Pocket Wifi 3 Firmware, Solax Pocket Wifi 3.