Vulnerabilities (CVE)

Filtered by vendor Solax Subscribe
Filtered by product Pocket Wifi 3
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-35837 1 Solax 2 Pocket Wifi 3, Pocket Wifi 3 Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges.
CVE-2023-35836 1 Solax 2 Pocket Wifi 3, Pocket Wifi 3 Firmware 2024-11-21 N/A 6.5 MEDIUM
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
CVE-2023-35835 1 Solax 2 Pocket Wifi 3, Pocket Wifi 3 Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.