CVE-2023-35836
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/01/2024
Last modified:
11/06/2025
Description
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.009.03_20230504 (including) |
| cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.solaxpower.com/downloads/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://yougottahackthat.com/blog/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
- https://www.solaxpower.com/downloads/
- https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
- https://yougottahackthat.com/blog/
- https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication