CVE-2025-15574
📋 TL;DR
This vulnerability allows attackers who obtain SolaX device registration numbers to connect to the SolaX Cloud MQTT server and impersonate legitimate devices. Affected users include owners of SolaX Power Pocket devices and inverters that connect to the SolaX Cloud service.
💻 Affected Systems
- SolaX Power Pocket devices
- SolaX inverters with cloud connectivity
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could send malicious commands to inverters, potentially causing physical damage, disrupting power systems, or manipulating energy data for financial gain.
Likely Case
Attackers could monitor energy production data, manipulate inverter settings, or disrupt normal operations of affected solar power systems.
If Mitigated
With proper network segmentation and monitoring, impact would be limited to unauthorized data access and potential service disruption.
🎯 Exploit Status
Exploitation requires knowledge of the proprietary XOR/transposition algorithm and access to device registration numbers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check vendor advisory
Vendor Advisory: https://r.sec-consult.com/solax
Restart Required: No
Instructions:
1. Contact SolaX support for firmware updates.
2. Apply any available patches to affected devices.
3. Update cloud service authentication mechanisms.
🔧 Temporary Workarounds
Network segmentation: Isolate SolaX devices from internet access and restrict MQTT traffic to trusted networks only.
🧯 If You Can't Patch
- Disconnect devices from SolaX Cloud service if not essential
- Implement network monitoring for unusual MQTT connections to SolaX servers
🔍 How to Verify
Check if Vulnerable:
Check if your SolaX device uses the 10-character registration number for MQTT authentication and connects to SolaX Cloud.
Check Version:
Check device firmware version through SolaX mobile app or web interface.
Verify Fix Applied:
Verify with SolaX support that authentication no longer uses the vulnerable algorithm and registration numbers.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed MQTT authentication attempts
- Unusual MQTT connections from unexpected IP addresses
Network Indicators:
- MQTT traffic to SolaX servers from unauthorized sources
- Unusual command patterns in MQTT payloads
SIEM Query:
source_ip NOT IN (trusted_ips) AND dest_port=1883 AND dest_ip IN (solaX_servers)
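As an added example (not from this page or from SolaX), the two log indicators and the SIEM query above implemented over constructed flow and broker-auth records; the SolaX server addresses and trusted device addresses are placeholder assumptions to be replaced with your own values.

```python
"""Detection helpers for CVE-2025-15574: MQTT traffic toward SolaX Cloud from hosts other than the known devices."""
import re
from collections import Counter

# Assumed placeholder values: substitute the resolved SolaX Cloud broker
# addresses and the LAN addresses of your own inverters / Pocket devices.
SOLAX_SERVERS = {"203.0.113.10", "203.0.113.11"}
TRUSTED_DEVICE_IPS = {"192.168.10.20", "192.168.10.21"}
MQTT_PORT = 1883

FLOW_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"src=(?P<src>[\d.]+) .*mqtt auth (?P<result>ok|failed)")


def untrusted_mqtt_flows(lines):
    """SIEM condition: source NOT IN trusted AND dport=1883 AND dest IN solax_servers."""
    hits = []
    for line in lines:
        m = FLOW_RE.search(line)
        if m is None:
            continue  # not a flow record in the expected format
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dport == MQTT_PORT and dst in SOLAX_SERVERS and src not in TRUSTED_DEVICE_IPS:
            hits.append((src, dst))
    return hits


def repeated_auth_failures(lines, threshold=3):
    """Sources with at least `threshold` failed MQTT authentication attempts."""
    failures = Counter(m["src"] for m in map(AUTH_RE.search, lines)
                       if m is not None and m["result"] == "failed")
    return {src: n for src, n in failures.items() if n >= threshold}


# Constructed sample records (not captured traffic): one trusted inverter,
# one unknown LAN host talking to the SolaX broker, and an unrelated HTTPS flow.
FLOW_LOG = [
    "2025-11-03T08:00:01Z src=192.168.10.20 dst=203.0.113.10 dport=1883 action=allow",
    "2025-11-03T08:00:07Z src=192.168.10.55 dst=203.0.113.10 dport=1883 action=allow",
    "2025-11-03T08:00:09Z src=192.168.10.55 dst=198.51.100.7 dport=443 action=allow",
]
AUTH_LOG = [
    "2025-11-03T08:01:00Z src=192.168.10.20 mqtt auth ok",
    "2025-11-03T08:01:05Z src=192.168.10.55 mqtt auth failed",
    "2025-11-03T08:01:06Z src=192.168.10.55 mqtt auth failed",
    "2025-11-03T08:01:07Z src=192.168.10.55 mqtt auth failed",
]

if __name__ == "__main__":
    print("untrusted MQTT flows:", untrusted_mqtt_flows(FLOW_LOG))  # [('192.168.10.55', '203.0.113.10')]
    print("repeated auth failures:", repeated_auth_failures(AUTH_LOG))  # {'192.168.10.55': 3}
```

Any hit from the first function is a LAN host other than a known inverter reaching the SolaX broker, which is the condition the SIEM query expresses; the second function needs broker-side auth logs, which only exist where you operate or receive the broker logs.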