An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
References
Link | Resource |
---|---|
https://www.solaxpower.com/downloads/ | Not Applicable |
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/ | Product |
https://yougottahackthat.com/blog/ | Third Party Advisory |
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
28 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
31 Jan 2024, 18:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://yougottahackthat.com/blog/ - Third Party Advisory | |
References | () https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/ - Product | |
References | () https://www.solaxpower.com/downloads/ - Not Applicable | |
References | () https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication - Third Party Advisory | |
CPE | cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:* cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Solax
Solax pocket Wifi 3 Firmware Solax pocket Wifi 3 |
|
CWE | NVD-CWE-noinfo |
23 Jan 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 23:15
Updated : 2024-10-28 19:35
NVD link : CVE-2023-35836
Mitre link : CVE-2023-35836
CVE.ORG link : CVE-2023-35836
JSON object : View
Products Affected
solax
- pocket_wifi_3
- pocket_wifi_3_firmware
CWE