Vendor
SolaX
Products
3
CVEs
3
Across products
3
Status
Private
Products
3- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15573 | Cri | 0.61 | 9.4 | 0.00 | Feb 12, 2026 | The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices. | ||
| CVE-2025-36759 | Hig | 0.57 | — | 0.00 | Sep 10, 2025 | Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. | ||
| CVE-2025-36756 | Med | 0.38 | — | 0.00 | Sep 10, 2025 | A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known. |
- risk 0.61cvss 9.4epss 0.00
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
- risk 0.57cvss —epss 0.00
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
- risk 0.38cvss —epss 0.00
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.