CVE-2023-35837

9.8 CRITICAL

📋 TL;DR

SolaX Pocket WiFi 3 devices have a critical authentication vulnerability: the web interface uses a default password equal to the device's registration ID, which is also the WiFi SSID name. Attackers who read the SSID can log in to the web interface without any secret credentials, then reconfigure devices or upload malicious firmware, leading to complete device compromise. All users of SolaX Pocket WiFi 3 devices with default configurations are affected.

💻 Affected Systems

Products:
  • SolaX Pocket WiFi 3
Versions: through 3.001.02
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configuration are vulnerable. The registration ID used as default password is visible as WiFi SSID.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing firmware replacement, persistent backdoor installation, denial of service, and potential lateral movement to connected systems.

🟠 Likely Case

Unauthorized access to device configuration, firmware modification, and potential disruption of solar monitoring/control functions.

🟢 If Mitigated

Limited to network reconnaissance if proper authentication controls are implemented.

🌐 Internet-Facing: HIGH - Devices are typically internet-connected for remote monitoring, making them directly accessible from the internet.
🏢 Internal Only: MEDIUM - Even on internal networks, attackers with WiFi access can exploit the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the WiFi SSID (registration ID) as password. No technical skills needed beyond basic web access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.solaxpower.com/downloads/

Restart Required: No

Instructions:

1. Check vendor website for firmware updates
2. Download latest firmware
3. Upload via web interface
4. Change default password immediately after update

🔧 Temporary Workarounds

Change Default Password

all

Immediately change the default administrative password to a strong, unique password

Access web interface at device IP > Settings > Change Password

Network Segmentation

all

Isolate SolaX devices on separate VLAN with restricted access

🧯 If You Can't Patch

  • Disable remote web interface access if not required
  • Implement network firewall rules to restrict access to device management interface

🔍 How to Verify

Check if Vulnerable:

1. Connect to SolaX Pocket WiFi network
2. Note SSID name
3. Access web interface at device IP
4. Try logging in with SSID as password

Check Version:

Check firmware version in web interface under System Information

Verify Fix Applied:

1. Attempt to log in with old default password (should fail)
2. Verify new strong password is required

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login
  • Firmware upload events
  • Configuration changes from unknown IPs

Network Indicators:

  • HTTP requests to device management interface from unexpected sources
  • Unusual outbound connections from device

SIEM Query:

source_ip=* AND (url_path="/login" OR url_path="/upload") AND user_agent NOT IN ["expected_user_agents"]
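
The log indicators above expressed as detection logic, as an added example that is not part of the original advisory or any vendor tooling. It assumes access logs from a proxy or firewall in front of the device in a constructed `timestamp source_ip method url_path status` format, with 401/403 marking a failed login; the `/login` and `/upload` paths come from the SIEM query above, and the allowlist and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real device logs). Assumed format:
# <timestamp> <source_ip> <method> <url_path> <status>
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 192.168.10.5 POST /login 200
2024-01-10T09:14:10Z 192.168.10.77 POST /login 401
2024-01-10T09:14:12Z 192.168.10.77 POST /login 401
2024-01-10T09:14:15Z 192.168.10.77 POST /login 401
2024-01-10T09:14:19Z 192.168.10.77 POST /login 200
2024-01-10T09:15:02Z 192.168.10.77 POST /upload 200
2024-01-10T10:00:00Z 192.168.10.5 GET /status 200
"""

ALLOWED_ADMIN_IPS = {"192.168.10.5"}  # assumption: known management hosts
FAIL_THRESHOLD = 3                    # assumption: failures that make a success suspicious
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def detect(log_text, allowed=ALLOWED_ADMIN_IPS, threshold=FAIL_THRESHOLD):
    """Return (timestamp, source_ip, reason) alerts for the page's log indicators."""
    alerts = []
    failures = defaultdict(int)  # consecutive failed logins per source IP
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts, ip, _method, path, status = m.groups()
        if path == "/login":
            if status in ("401", "403"):
                failures[ip] += 1
            elif status == "200":
                # A default-password login succeeds on the first try, so the
                # source check is needed in addition to the failure count.
                if failures[ip] >= threshold:
                    alerts.append((ts, ip, "failed-logins-then-success"))
                if ip not in allowed:
                    alerts.append((ts, ip, "login-from-unexpected-source"))
                failures[ip] = 0
        elif path == "/upload" and status == "200":
            reason = "firmware-upload" if ip in allowed else "firmware-upload-from-unexpected-source"
            alerts.append((ts, ip, reason))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```
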
