SolaX
Products
4- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35837 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2024 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same… | ||
| CVE-2023-35835 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2024 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup… | ||
| CVE-2025-15573 | Cri | 0.61 | 9.4 | 0.00 | Feb 12, 2026 | The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue… | ||
| CVE-2025-36759 | Hig | 0.57 | — | 0.00 | Sep 10, 2025 | Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. | ||
| CVE-2023-35836 | Med | 0.42 | 6.5 | 0.00 | Jan 23, 2024 | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further… | ||
| CVE-2025-36758 | Med | 0.41 | — | 0.00 | Sep 10, 2025 | It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle. | ||
| CVE-2025-36757 | Med | 0.41 | — | 0.00 | Sep 10, 2025 | It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system. | ||
| CVE-2018-2409 | Med | 0.41 | 6.3 | 0.01 | Apr 10, 2018 | Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform. | ||
| CVE-2025-36756 | Med | 0.38 | — | 0.00 | Sep 10, 2025 | A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known. |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup…
- risk 0.61cvss 9.4epss 0.00
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue…
- risk 0.57cvss —epss 0.00
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further…
- risk 0.41cvss —epss 0.00
It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.
- risk 0.41cvss —epss 0.00
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.
- risk 0.41cvss 6.3epss 0.01
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
- risk 0.38cvss —epss 0.00
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.