CVE-2023-35837
published 2024-01-23CVE-2023-35837: An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.98%
57.7th percentile
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solax | pocket_wifi_3_firmware | 3.0.0 – 3.009.03_20230504 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.solaxpower.com/downloads/https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/https://yougottahackthat.com/blog/https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authenticationhttps://www.solaxpower.com/downloads/https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/https://yougottahackthat.com/blog/https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
2024-01-23
Published