CVE-2023-35836

MEDIUM

SolaX Pocket WiFi 3 Firmware 3.0.0-3.001.02 - Unauthenticated Cleartext Network Configuration Exposure

Title source: llm

Description

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

References (4)

Core 4

Core References

Not Applicable

https://www.solaxpower.com/downloads/

Product

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/

Third Party Advisory

https://yougottahackthat.com/blog/

Third Party Advisory

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication

Scores

CVSS v3 6.5

EPSS 0.0032

EPSS Percentile 23.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (1)

solax/pocket_wifi_3_firmware 3.0.0 - 3.009.03_20230504

Published Jan 23, 2024

Tracked Since Feb 18, 2026