CVE-2025-15575
📋 TL;DR
This vulnerability allows attackers to install malicious firmware on affected devices by bypassing authentication checks during firmware updates. It affects ESP32-based devices that lack secure boot and firmware signature verification. Device owners and administrators are at risk of compromised device functionality.
💻 Affected Systems
- Solax Power products with ESP32-based firmware
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover with persistent malicious firmware, enabling data theft, botnet enrollment, or physical damage if device controls critical systems.
Likely Case
Unauthorized firmware modification leading to data interception, device malfunction, or backdoor installation for future attacks.
If Mitigated
No impact if proper firmware signature verification and secure boot are implemented.
🎯 Exploit Status
Requires network access to firmware update endpoint and ability to craft malicious firmware image.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for latest firmware
Vendor Advisory: https://r.sec-consult.com/solax
Restart Required: Yes
Instructions:
1. Contact Solax Power for patched firmware. 2. Download official firmware from vendor. 3. Apply update through official management interface. 4. Verify secure boot and signature verification are enabled.
🔧 Temporary Workarounds
Disable remote firmware updates
allPrevent unauthorized firmware flashing by disabling remote update capabilities
Consult device documentation for disabling remote firmware updates
Network segmentation
allIsolate affected devices on separate VLAN with strict firewall rules
🧯 If You Can't Patch
- Physically secure devices to prevent local access to firmware update interfaces
- Monitor network traffic for unexpected firmware update attempts and block suspicious sources
🔍 How to Verify
Check if Vulnerable:
Check if firmware update process accepts unsigned firmware files via network or local interfaceCheck Version:
Check device management interface or console for firmware versionVerify Fix Applied:
Attempt to flash unsigned firmware - should be rejected with cryptographic validation error📡 Detection & Monitoring
Log Indicators:
- Unexpected firmware update attempts
- Firmware validation failures
- Unauthorized firmware version changes
Network Indicators:
- Firmware update traffic from unauthorized sources
- Large file transfers to device update endpoints
SIEM Query:
source="device_logs" AND (event="firmware_update" OR event="firmware_validation") AND result!="success"