CVE-2023-35835
📋 TL;DR
SolaX Pocket WiFi 3 devices have a permanently enabled, unsecured WiFi access point that provides unauthenticated access to both a web configuration utility and ModBus protocol interface. This allows attackers within WiFi range to reconfigure devices, access sensitive data, or control connected systems. All users of SolaX Pocket WiFi 3 devices are affected.
💻 Affected Systems
- SolaX Pocket WiFi 3
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of connected solar inverter systems allowing remote shutdown, configuration changes, or data exfiltration of energy production data and potentially home network access.
Likely Case
Unauthorized access to device configuration, viewing of sensitive energy production data, and potential manipulation of inverter settings affecting energy output.
If Mitigated
Limited impact if device is physically secured in inaccessible locations or if network segmentation prevents lateral movement from compromised device.
🎯 Exploit Status
Exploitation requires the attacker to be physically within WiFi range of the device. No authentication is required for web interface or ModBus access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version after 3.001.02
Vendor Advisory: https://www.solaxpower.com/downloads/
Restart Required: Yes
Instructions:
1. Download latest firmware from SolaX website.
2. Connect to device via WiFi.
3. Access web interface at default IP.
4. Navigate to firmware update section.
5. Upload and apply new firmware.
6. Device will restart automatically.
🔧 Temporary Workarounds
Disable WiFi after setup
Manually disable the Pocket WiFi's access point after initial configuration is complete
Physical isolation
Place device in physically secure location with limited WiFi signal propagation
🧯 If You Can't Patch
- Physically isolate device in metal enclosure to limit WiFi signal range
- Implement network segmentation to prevent lateral movement from compromised device
🔍 How to Verify
Check if Vulnerable:
Scan for open WiFi networks with names similar to 'SolaX_XXXX' and no password protection. If one is found and accessible, the device is vulnerable.
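One way to automate this check on a Linux host with NetworkManager, as an added example that is not from the vendor or the original advisory: it parses terse `nmcli` scan output and reports open networks whose SSID contains "SolaX". The SSID pattern, the function names and the sample scan lines are assumptions made for illustration.

```python
import re

# Assumption: affected APs carry "SolaX" in the SSID (the page's 'SolaX_XXXX').
SSID_PATTERN = re.compile(r"solax", re.IGNORECASE)
OPEN_MARKERS = {"", "--"}  # nmcli shows no security as empty (terse) or "--"


def split_terse(line):
    """Split one `nmcli -t` line on ':'; nmcli escapes ':' and '\\' with '\\'."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            i += 1
            cur.append(line[i])  # escaped character, kept literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def find_open_solax(scan_text):
    """Return sorted (ssid, bssid) pairs for open networks matching SSID_PATTERN."""
    hits = set()
    for line in scan_text.splitlines():
        parts = split_terse(line)
        if len(parts) != 3:
            continue  # skip malformed lines
        bssid, ssid, security = parts
        if SSID_PATTERN.search(ssid) and security.strip() in OPEN_MARKERS:
            hits.add((ssid, bssid))
    return sorted(hits)


# Constructed sample of `nmcli -t -f BSSID,SSID,SECURITY device wifi list` output.
SAMPLE = "\n".join([
    r"AA\:BB\:CC\:00\:00\:01:SolaX_0001:",
    r"AA\:BB\:CC\:00\:00\:02:SolaX_0002:WPA2",
    r"AA\:BB\:CC\:00\:00\:03:HomeNet:",
    r"AA\:BB\:CC\:00\:00\:04:Wifi_SolaX_0004:--",
])

if __name__ == "__main__":
    for ssid, bssid in find_open_solax(SAMPLE):
        print(f"open SolaX AP: {ssid} ({bssid})")
```

To run it against a live scan on your own site, pass the output of the `nmcli` command named in the comment to `find_open_solax` instead of `SAMPLE`.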
Check Version:
Connect to device WiFi, access web interface, navigate to system information page to view firmware version
Verify Fix Applied:
After firmware update, verify that WiFi network either requires password or is disabled. Check firmware version in web interface.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to web interface
- Unexpected configuration changes
- Unusual ModBus traffic patterns
Network Indicators:
- WiFi scans detecting open 'SolaX' networks
- Unauthorized devices connecting to Pocket WiFi network
SIEM Query:
source="network_scanner" AND (ssid="SolaX*" AND security="OPEN")
🔗 References
- https://www.solaxpower.com/downloads/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://yougottahackthat.com/blog/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication