CVE-2023-35835

EPSS 0.2%
Veröffentlicht 23.01.2024 23:15:07
Zuletzt bearbeitet 30.05.2025 15:15:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solax ≫ Pocket Wifi 3 Firmware Version >= 3.0.0 <= 3.009.03_20230504

Solax ≫ Pocket Wifi 3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.421

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.solaxpower.com/downloads/

Not Applicable

https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/

Not Applicable

https://yougottahackthat.com/blog/

Third Party Advisory

https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35835

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-35835