1. Home
  2. CVE Database
  3. CVE-2023-35837
CRITICAL · 9.8

CVE-2023-35837

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a d...

Vulnerability Description

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SolaxPocket Wifi 3 Firmware>= 3.0.0, <= 3.009.03_20230504
SolaxPocket Wifi 3-

References

FAQ

What is CVE-2023-35837?

CVE-2023-35837 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a d...

How severe is CVE-2023-35837?

CVE-2023-35837 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-35837?

Check the references section above for vendor advisories and patch information. Affected products include: Solax Pocket Wifi 3 Firmware, Solax Pocket Wifi 3.